Proof of Cloud
Verify your confidential workloads run on legitimate cloud hardware in secure facilities, with the database governed and maintained by the Proof of Cloud Alliance.
Why Proof of Cloud
No security model is perfect. But requiring an attacker to break both the TEE and physically compromise a verified facility creates two independent security barriers instead of one. That's the foundation of defense in depth.
How It Works
Proof of Cloud maintains a public registry binding hardware IDs to verified physical locations. An attacker now needs to break your TEE and physically compromise a facility that multiple independent organizations have verified.
Hardware Identity
TEE attestation generates a quote that binds a unique hardware ID—Intel's DCAP PPID or AMD's Chip ID—to your measurements. That hardware ID becomes the key.
Independent Verification
Alliance members independently verify where that hardware lives. They visit facilities, boot fresh hardware, extract IDs through attestation, and cross-verify each other. No single organization controls the registry.
Transparent Registry
Verified entries go into an append-only signed log, similar to Certificate Transparency. Updates require a quorum of alliance signatures. All evidence is public and auditable.
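The append-only, quorum-signed log described above can be checked by any auditor. The sketch below is an added example, not the alliance's registry code: the entry fields, the 8-member roster, the 2/3 threshold and the use of HMAC as a stand-in for real public-key signatures are all assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed 8-member alliance; HMAC keys stand in for real signing keys.
MEMBER_KEYS = {f"member-{i}": f"demo-key-{i}".encode() for i in range(1, 9)}
GENESIS = "00" * 32

def quorum(n_members):
    """Smallest count that is >= 2/3 of all members (assumed threshold)."""
    return -(-2 * n_members // 3)

def entry_digest(prev, payload):
    # Each digest covers the previous digest, so history cannot be rewritten silently.
    body = json.dumps(payload, sort_keys=True).encode()
    return hashlib.sha256(bytes.fromhex(prev) + body).hexdigest()

def endorse(member, digest):
    return hmac.new(MEMBER_KEYS[member], bytes.fromhex(digest), hashlib.sha256).hexdigest()

def append_entry(log, payload, signers):
    prev = log[-1]["digest"] if log else GENESIS
    digest = entry_digest(prev, payload)
    log.append({"prev": prev, "payload": payload, "digest": digest,
                "sigs": {m: endorse(m, digest) for m in signers}})

def first_bad_entry(log):
    """Return the index of the first entry that fails verification, or -1."""
    prev = GENESIS
    for i, e in enumerate(log):
        # Chain check: the entry must commit to its predecessor and its own payload.
        if e["prev"] != prev or entry_digest(prev, e["payload"]) != e["digest"]:
            return i
        # Quorum check: count only known members whose endorsement verifies.
        valid = [m for m, s in e["sigs"].items()
                 if m in MEMBER_KEYS and hmac.compare_digest(s, endorse(m, e["digest"]))]
        if len(valid) < quorum(len(MEMBER_KEYS)):
            return i
        prev = e["digest"]
    return -1

def build_sample_log():
    # Constructed sample entries; hw_id_hash values are placeholders.
    members = sorted(MEMBER_KEYS)
    log = []
    append_entry(log, {"hw_id_hash": "a1" * 32, "level": 1}, members[:6])
    append_entry(log, {"hw_id_hash": "b2" * 32, "level": 2}, members[:7])
    return log
```

Editing an old payload, dropping below the threshold, or attaching endorsements that do not verify each make `first_bad_entry` return the index of the offending entry.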
Contributors
Maintained by leaders in confidential computing and privacy-preserving infrastructure.

Secret Network
Privacy-first blockchain platform enabling programmable privacy through secure enclaves and confidential smart contracts

Phala
Hardware-secured compute platform that delivers Confidential AI with enterprise-grade privacy

Automata
Automata is the machine attestation layer built by humans, designed for machines

Primus
Enable secure, permissionless data verification and computation in blockchain and AI using zkTLS and zkFHE

Nillion
Nillion is a secure computation network that decentralizes trust for high value data in the same way that blockchains decentralized transactions

zkP2P
Fast, permissionless fiat ↔ crypto on/offramp protocol powered by ZK

Oasis
Add Privacy to Any Blockchain with Oasis ROFL and Oasis Sapphire

Flashbots
A research and development organization formed to mitigate the negative externalities posed by MEV to stateful blockchains, starting with Ethereum

zkVerify
Universal proof verification layer that enables ultra-fast, scalable, and cost-efficient verification of zero-knowledge proofs across multiple ecosystems

iExec
iExec is the builders' home for privacy tools. Easily add privacy features to your builds and applications

Aleph Cloud
Decentralized cloud computing platform providing secure, distributed infrastructure for modern applications and confidential workloads
Your Organization
Join the alliance and help build a transparent, verifiable registry for confidential computing infrastructure
Verification Levels
We define 3 levels of verification, with higher levels indicating stronger security guarantees. These levels are intentionally defined abstractly, allowing flexibility for future evolution of detailed verification methodologies.
Level 1: Human-Assisted
Alliance members witness and validate extraction of the hardware ID from a remote attestation executed through a cloud control plane (e.g., OVH serial console), verified in real time via a supervised video session or live inspection of a colocated server.
Level 2: Automated
No humans required. Uses zk-TLS proofs of cloud console attestations, vTPM claims, or tamper-evident RFID beacons cryptographically bound to hardware IDs. You only need to trust the cryptographic construction.
Level 3: Continuous Monitoring
Everything from Level 2, plus ongoing monitoring. Periodic re-attestations, continuous RFID heartbeats, real-time tamper detection. An attacker would need sustained compromise without being detected.
Why This Is Secure
Hardware IDs come from TEE attestation—you can't spoof them without breaking the TEE itself.
Verification requires physical presence at the facility. You can't do it remotely.
Registry updates require a supermajority of alliance members. No single party can add fraudulent entries.
The log is append-only. You can't retroactively tamper with old entries.
All verification evidence is publicly auditable. Anyone can challenge an entry.
Common Questions
What prevents fraudulent registry entries?
Multi-signature supermajority quorum required. All verification evidence is public and auditable. Any member can challenge entries.
What if facility security is compromised after verification?
Level 2+ includes automated re-verification. Level 3 adds continuous monitoring. Users set their own freshness requirements.
Does this replace TEE security?
No. This is defense in depth. TEE attestation and physical verification are independent security layers.
What if a verification witness is compromised?
Cross-verification by multiple independent members. Majority consensus required.
How are replay attacks prevented?
Verification requires a random challenge (nonce) committed to the attestation quote's reportData field. Each verification uses a fresh, unique challenge, making replay attacks impossible during the verification process.
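The nonce check in the last answer, sketched from the verifier's side as an added example (not the alliance's code). It assumes the quote's signature chain has already been validated and that the nonce is committed as SHA-256(nonce) zero-padded to the 64-byte report data field; the class name, status strings and time-to-live are hypothetical.

```python
import hashlib, hmac, secrets, time

REPORT_DATA_LEN = 64  # size of the report data field in SGX/TDX and SEV-SNP reports

def expected_report_data(nonce):
    """Assumed commitment format: SHA-256 of the nonce, zero-padded to 64 bytes."""
    return hashlib.sha256(nonce).digest().ljust(REPORT_DATA_LEN, b"\0")

class ChallengeVerifier:
    """Issues single-use challenges and checks them against a quote's reportData."""

    def __init__(self, ttl=120, clock=time.monotonic):
        self._pending = {}          # nonce -> time it was issued
        self._ttl = ttl             # seconds a challenge stays valid (assumed value)
        self._clock = clock

    def issue(self):
        nonce = secrets.token_bytes(32)   # fresh, unpredictable challenge
        self._pending[nonce] = self._clock()
        return nonce

    def check(self, nonce, report_data):
        # pop() makes every challenge single-use: a second presentation of the
        # same nonce, or a nonce this verifier never issued, is rejected here.
        issued = self._pending.pop(nonce, None)
        if issued is None:
            return "unknown-or-replayed"
        if self._clock() - issued > self._ttl:
            return "expired"
        # A quote recorded for an earlier challenge carries the wrong commitment.
        if len(report_data) != REPORT_DATA_LEN or not hmac.compare_digest(
                report_data, expected_report_data(nonce)):
            return "mismatch"
        return "ok"
```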
Alliance Charter
Our governance framework, verification procedures, and operational principles.
Purpose
Proof of Cloud is a vendor-neutral alliance that maintains a signed, append-only registry of cloud-hosted server hardware identities (e.g., modern TEE identities such as Intel SGX/TDX PPIDs and AMD SEV-SNP chip IDs), along with the evidence and endorsements establishing each entry's verification level.
Governance Structure
- Membership: One company = one member = one vote. All members have equal standing.
- Chair: Elected for 6-month terms; sets agendas, moderates votes, and acts as tie-breaker.
- Quorum: Simple majority (e.g., 5 of 8 members) required for decisions.
- Security-critical changes: Schema modifications and emergency revocations require ≥2/3 of all members.
Working Groups
- Verification WG: Daily onboarding, evidence review, and revocation proposals.
- Methodologies WG: Maintains verification methods, proof templates, threat models, and schemas.
- Ops & Outreach WG: Website, registry infrastructure, cryptographic keys, snapshots, and community engagement.
Scope & Non-Goals
In Scope: Verification levels, registry procedures, signed snapshots, and hardware identity validation.
Out of Scope: The alliance does not guarantee protection against all physical attacks, certify full operational security, or coordinate pricing/capacity (antitrust safe harbor).
Registry & Privacy
Registry entries include platform UID, verification level, evidence hashes, monitoring cadence, endorsements, and timestamps. Public views default to salted hashes of PPIDs/Chip IDs; full values are visible to members for legitimate security purposes.
Incident Response
Flagged entries are triaged by the Verification WG within 72 hours. Emergency quorum may freeze entries pending investigation. Amendments follow either simple majority (editorial) or 2/3 vote (security-relevant).
Join the Alliance
Help build transparent, verifiable infrastructure for confidential computing.