Opacity Verifiable Interference zkTLS Plugin

[RonTuretzky]

Co-authored @Hmac512 @RonTuretzky @Gajesh2007

Background

A few weeks ago, issues with aixbt were observed, where users mistakenly believed the moderation was performed by humans. This misconception caused a public relations disaster and raised concerns about the AI's autonomy. As a result, the team had to make logs public to maintain transparency and trust.

This problem can be mitigated using zkTLS. zkTLS enables the generation of zero-knowledge proofs and MPC for TLS sessions, also known as "web proofs." With zkTLS, any off-chain data can be proven either on-chain or off-chain, ensuring authenticity without compromising privacy.

Here is a high-level diagram of the process.

sequenceDiagram
    autonumber
    participant Eliza
    participant Cloudflare
    participant OpenAI
    Eliza ->> Cloudflare : Prompt Req
    Cloudflare ->> OpenAI : Prompt Req
    OpenAI ->> Cloudflare : Prompt Response
    Cloudflare ->> Cloudflare : Log Prompt Response
    Cloudflare ->> Eliza : Prompt Response
    create participant Opacity
    Eliza ->> Opacity : Generate Proof for Prompt Response
    Opacity ->> Cloudflare : Fetch Prompt Response Log in MPC-TLS
    Cloudflare ->> Opacity : Respond with Prompt Response Log
    Opacity ->> Eliza : Return Proof of Prompt Response Log

Loading

What does this PR do?

This PR integrates Opacity as an adapter into the framework without introducing breaking changes. Opacity is a zkTLS platform built on EigenLayer as an Actively Validated Service (AVS).

What kind of change is this?

Introducing a new adaptor to produce verifiable inference.

Why are we doing this? Any context or related work?

This update addresses the critical need for transparency and trust in AI interactions, as highlighted by the PR disaster involving aixbt. By integrating Opacity as a zkTLS adapter, we ensure that all inferences and interactions are verifiable without compromising privacy. This addition strengthens the framework's credibility by enabling zk/MPC proof generation and verification for TLS sessions.

The integration aligns with EigenLayer's/Opacity's mission to build secure and verifiable systems, leveraging Actively Validated Services (AVS) to enhance both functionality and trustworthiness. This is especially relevant as more AI systems require robust mechanisms to prove autonomy and authenticity in a seamless and privacy-preserving manner.

Cloudflare's AI Gateway provides logs for all prompt request responses , which are the target of the mpc-tls , ensuring that all AVS validators are performing MPC-TLS on the same date.

Documentation changes needed?

Documentation has been updated in the adapter-opacity README.md and .example.env
No further changes to the project documentation are required.

Proof Verification Example

Here is proof of a prompt request. This can be verified using the adapter or otherwise through https://opacity-ai-zktls-demo.vercel.app/api/verify

By writing the proof to proof.json, you can also verify using

curl --location 'https://opacity-ai-zktls-demo.vercel.app/api/verify' \
--header 'Content-Type: application/json' \
--data @proof.json

This invokes a shared mpc-tls session as listed in step 7.

Testing
Automated tests are sufficient; no manual testing is required for deployment.

Where should a reviewer start?

packages/adapter-opacity/README.md and then packages/adapter-opacity/src/index.ts

Detailed testing steps

Follow steps in packages/adapter-opacity/README.md
Start the client: pnpm start:client
Interact with the agent via chat and check the logs for proof generation and verification.

Additional Notes

No database changes or additional deployment instructions are necessary.

Discord username
turetzkyron#0000

[RonTuretzky]

Some possible action items for future iterations:

• Proof Generation Unit Tests
• Verification Unit Tests
• ECDSA > BLS Proof migration
• Self-hosted CF Logging

[fabianhug]

Great! Thanks for adding the changes - I will test in a bit