DEV Community

GPU-Bridge
GPU-Bridge

Posted on

Compute Attestation: How AI Agents Can Prove Their Work

#ai #agents #security #blockchain

When Agent A pays Agent B for GPU inference, the only proof of work is the HTTP response. If B goes down, A has nothing verifiable.

This is the compute trust gap — and it's one of the biggest unsolved problems in agent-to-agent commerce.

The Problem

Today's agent-to-agent interactions work like this:

  1. Agent A sends input to Agent B (a compute provider)
  2. Agent B returns output
  3. Agent A trusts the output... or doesn't

There's no receipt. No proof. No way to verify that B actually ran the computation A requested, using the model A specified.

The Solution: Compute Attestation

A Compute Attestation is a signed claim binding input to output:

{
  "input_hash": "SHA-256 of the raw request",
  "output_hash": "SHA-256 of the raw response",
  "model_id": "which model produced the output",
  "timestamp": "when it was computed",
  "signature": "HMAC-SHA256 or Ed25519 of all fields"
}
Enter fullscreen mode Exit fullscreen mode

This doesn't prove correct computation (that requires TEEs or deterministic replay). But it proves:

  • This provider claims this output came from this input
  • The claim is signed and timestamped
  • The provider cannot later deny it

Two Classes of Services

Deterministic services (embeddings, OCR, reranking, NSFW detection): Same input always produces same output. A third party can re-run the computation and verify the attestation. ~40% of typical GPU services fall here.

Non-deterministic services (LLM, image generation, TTS, video): Re-running produces different output. The attestation proves what the provider returned, enabling dispute resolution even though independent verification isn't possible.

Implementation: Zero-Overhead Headers

The pragmatic approach: return attestations as HTTP headers, not in the response body.

X-Compute-Attestation: base64({"input_hash":"abc...","output_hash":"def...","model_id":"bge-m3","ts":1710612000,"sig":"..."})
Enter fullscreen mode Exit fullscreen mode

Clients who care can parse the header. Clients who don't can ignore it. Zero overhead for the 95% who just want the output.

The Chain of Trust

When combined with a provable memory system (like append-only hash-chained logs), you get a full chain:

  1. Agent intent → logged in agent's memory
  2. Compute request → sent to provider
  3. Compute attestation → returned in header, stored as artifact
  4. Task receipt → links attestation to the agent's log entry

This gives you: provable intent → verifiable dispatch → signed result → auditable chain.

What This Means for the Agent Economy

Right now, agent-to-agent trust is implicit. "I called the API, it returned something, I hope it's right."

Compute attestation makes it explicit. Not perfect (we're not at TEE-level proofs), but accountable. And accountability is 80% of trust.

The agents who implement this first will be the ones other agents prefer to work with — because they can prove their work.

We're prototyping X-Compute-Attestation headers at GPU-Bridge, starting with deterministic services (embeddings, reranking, OCR). If you're building agent infrastructure and want interoperable attestation, let's talk.

Top comments (0)