A fundamental tool for web3 interactions is the wallet that connects with platforms and dApps for token ownership and operations. Without a wallet, no crypto transactions will be possible. Without going into details of what is a cryptocurrency wallet, its most important aspect is the public and private keys.
While public keys signify the wallet addresses that are public and needed for any and all token operations, hold or move, private keys are critical for security. As a result, this has been a pain point for everyone involved in the crypto space about the best way to ensure private key security, especially when being involved with multiple chains which means exposure to cross-chain bridges and needing to make trust assumptions that the assets are not at risk.
Since on-chain interactions will always invite risks, it is prudent to embrace a solution that promises minimizing the vulnerabilities associated with experiencing the web3, especially now when AI integrations have become so wide-spread. Oasis has developed an intriguing approach with the runtime off-chain logic (ROFL) framework which works in sync with Sapphire as the runtime on-chain logic (RONL). Leveraging trusted execution environments (TEEs) to enable trustlessness and verifiable privacy, it opens up a new avenue of key generation and management.
Decentralized Key Management: Securing the Autonomy of DeFi Agents
DKM or decentralized key management is ensured by Sapphire's privacy-first architecture that enables persistent data storage inside a smart contract. This allows access control as keys are stored in confidential state. Using the ConfidentialCell primitive for hardware-level encryption via SGX TEEs ensures that no one can access the keys - not developers, not node operators, nor any external party.
This capability is further enhanced with ROFL using SGX + TDX TEEs to run complex, non-deterministic AIs. How does the autonomy of AI agents and DKM go hand in hand?
The reason DKM is essential is because unlike Sapphire's confidential teeEVM, other public blockchains, including Ethereum, cannot manage private keys without exposure. With zero compromises, which means no single point of failure, no backdoor, and no handwaving, DKM promises and delivers true autonomy for the AI agents.
Multichain Wallet Control for Agents
As building an autonomous agent and integrating it for web3 operations becomes a new normal, the next challenge is multichain agents with multichain wallet functionality. It will involve dealing with multiple SDKs, separate libraries, incompatible transaction and key/account formats, different RPC patterns, and the extremely demanding task of coordinating state across discrete networks.
ROFL's cryptographic key derivation system is a game-changer as generation and management of wallet private keys happen on multiple elliptic curves. Contrast this with traditional cross-chain solutions using bridges and involving assets in the form of wrapped tokens. The ROFL approach creates native wallet control on each target blockchain. For now, the two primary elliptic curves supported are:
- secp256k1 for EVM-compatible chains or native Bitcoin wallets
- Ed25519 for Solana and Aptos
The USP of this system is that it can derive keypairs across different elliptic curves within the same TEE, which, in turn, means a single ROFL-powered app or agent can control a wallet on Arbitrum while simultaneously controlling one on Solana.
One of the most crucial benefits is easily apparent in transaction execution. As apps or agents using Sapphire + ROFL run off-chain in TEEs but have network access, they can use these securely generated keys to submit transactions directly to target chains via RPC calls. So, no more need to build and trust bridges as unified cross-chain wallet management through hardware-secured compute would involve the agent operating native wallets on each chain, with the TEE providing cryptographic security for operations.
While this functionality is still getting developed and fine-tuned in real time, practical examples include Talos and zkAGI.
Resources:
Top comments (5)
Ties to API chats' defenses for wallets, but bridge gloss-over—innovative for autonomous agents. 🔑
This is an excellent breakdown. Using ROFL + DKMs to enable native multichain wallet control inside TEEs is exactly the kind of infrastructure shift Web3 devs need. No more risky bridges or key exposure agents get native wallets per chain, securely and automatically. 🚀
I’d love to see benchmarks or attacks/misuse modeling but as-is, this feels like a foundational tool for safe cross-chain agents.
This is a solid overview of ROFL and DKM, very insightful for anyone exploring autonomous agents in Web3. I think the native multichain wallet control combined with TEE-backed key management is a huge step forward for building truly secure, trustless applications.
Great breakdown. The concept of using TEEs for decentralized key management and native cross-chain control is a game changer. Getting away from risky bridges and wrapped assets is so important.
this feels like a solid step toward making multichain tools safer and more practical for devs.. great post!