Architecture
We have implemented a working prototype, or testnet, for Palliora that we call Manas. On the infrastructure side, Manas consists of a set of Validators under a Proof of Stake consensus mechanism and a Guardian Network (which can scale to a few hundred participants).
Manas Validators maintain the Data Availability (DA) capabilities of the network, including storage and verification. Validators also maintain the blockchain state and are therefore responsible for block production, transaction validation, and interactions with Guardians.
Manas Guardians, on the other hand, are responsible for enabling both data accountability and confidential computation. The standard Guardian network implements a flexible threshold setting among a selected subgroup of Guardian nodes that participate in managing access to on-chain data, catering to a user-chosen trusted security circle on the Manas network. The Guardian protocol implements Silent-Threshold Encryption as the cryptographic protocol that provides a safe environment for on-chain requests while they are in transit or at rest in the DA service. The integrated Trusted and Confidential computing services of the Manas Guardian nodes, or Calculators, allow for enhanced sources for data generation with built-in confidentiality.
Manas enables two crucial roles, Publishers and Retrievers, who can submit encrypted data (new or duplicate) and access existing data, respectively. The value of the data posted on Manas is determined by the Publisher (i.e. its Owner), and the Retriever must provide the set price to gain access. The price is set in PALI tokens; in this way, the network's economics are balanced against the associated cost of maintaining the DAC service of Manas.
Participation in the Guardian network is open to anyone who follows the rules set in the runtime contract, as long as they can set up a Palliora node client and stake a minimum amount of PALI tokens. During node client setup, the operator manages a KeyPair (sk, pk) secret to have ownership of rewards and stakes. When the guardian set evolves, the guardian set parameter is updated in the runtime contract. This update is linked to a configured number of blocks (termed an epoch). The KeyPair acts as both an identifier (for the node client) and a security parameter for the threshold decryption. Guardian nodes are capable of downloading the computation program in a containerized framework (e.g. Docker) so that a Calculator (a sub-category of Guardian node) can execute it in a trusted or confidential setup (e.g. TEE).

Lifecycle of the request
The 'dApp' is a decentralized application that works with a user-owned software wallet (it can be extended to support various wallet types). The dApp interacts with the Manas Blockchain through RPC calls, mainly to submit compute requests to the Guardians (and listen to blockchain activity). We tested the Manas testnet using reference dApps that have been the early users of Palliora: 1) Compliant privacy by selective disclosures, 2) Private AI chatbot, 3) Accountable and Private DeFi * AI agents.
The request starts with the data submission in encrypted format, where standard Guardian nodes are entrusted with safeguarding the private data. The Manas Data Availability layer utilizes erasure encoding and KZG commitments to offer recoverability, proof of existence, and a confidence metric to its application layers. Erasure encoding introduces data redundancy, safeguarding against potential losses with a degree of recoverability. KZG commitments enable efficient proof of data existence without revealing the data itself. We follow the protocol specification in Section 2.1 regarding the data sharing mechanism for selective data sharing and price between Publisher and Retriever.
An end user, through the dApp, then generates a "Compute Request". The properties of the Manas network ensure that these data are then consumed by the defined computation or pre-trained AI model, which generates a suitable response. Manas Guardians then process all compute requests based on the Trusted Node specified in the request sent by the end user. Nodes gossip the request among themselves to ensure it reaches the requested Trusted Node. Once this Guardian receives the compute request, it generates a shared key and decrypts the encrypted request. The decrypted request contains the necessary payload for the compute service. A node that receives the request but does not process it, even a corrupt one, will fail to access the request data, because the user's encryption encapsulates the request.
Depending on the configuration, any Guardian Node in Manas can be a Standard Guardian Node or a Computing Guardian Node. To be more precise, a Non-computing Trusted Node does not process the computation itself; it delegates to servers that it trusts, and the communication with those servers is completely protected by cryptographic means (both from tampering and from leakage). A Confidential Computing Trusted Node actively takes part in the requested computation. Interestingly, in our current implementation a Manas Guardian can choose to act simultaneously as both a 'Trusted' and a 'Confidential Compute' node, appropriately serving each type of compute request.

The dApp monitors block production events on the Manas Blockchain. Upon detecting the desired result, the dApp fetches, decrypts, and presents it within the application. Another important aspect of the computation handling is the interaction between blockchain blocks and the dApp. Because the processing happens off-chain, when a 'Compute Request' arrives at the Manas Blockchain in block number t, the computation result will not be available until a future block with block number (t + n), where n represents the time required for the computation. Therefore, the node client assigns a unique identifier to each request to establish a connection between the compute request and its result. In Manas, this identifier is generated by hashing key data points from the 'Compute Request'. The dApp can then independently compute this identifier and find it in each block's event log.
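The request/result correlation described above, as an added example that is not Palliora's code: the dApp derives the identifier locally and scans the event logs of blocks t+1 to t+n for it. The hashed fields, the use of SHA-256, the domain tag and the event schema (`kind`, `request_id`, `node`) are assumptions; the page states only that the identifier is a hash of key data points from the Compute Request.

```python
import hashlib
import struct

DOMAIN = b"manas-compute-request-v1"  # hypothetical domain-separation tag


def request_id(sender: bytes, trusted_node: bytes, nonce: int, ciphertext: bytes) -> str:
    """Derive the identifier from key request fields (field choice is assumed).

    Each field is length-prefixed, so (b"ab", b"c") and (b"a", b"bc")
    cannot serialize to the same byte string and share an identifier.
    """
    fields = (DOMAIN, sender, trusted_node, struct.pack(">Q", nonce),
              hashlib.sha256(ciphertext).digest())
    h = hashlib.sha256()
    for field in fields:
        h.update(struct.pack(">I", len(field)) + field)
    return h.hexdigest()


def find_result(blocks, rid, trusted_node, submitted_at, max_wait):
    """Return (block_number, event) for the first matching result, else None.

    Only blocks t+1 .. t+max_wait are considered, and the event must come
    from the Trusted Node named in the request (hypothetical event schema).
    """
    for block in sorted(blocks, key=lambda b: b["number"]):
        if not submitted_at < block["number"] <= submitted_at + max_wait:
            continue
        for event in block["events"]:
            if (event.get("kind") == "ComputeResult"
                    and event.get("request_id") == rid
                    and event.get("node") == trusted_node):
                return block["number"], event
    return None


# Constructed sample data: a request submitted in block 100, answered in block 103.
NODE = b"guardian-7"
RID = request_id(b"alice", NODE, 1, b"\x01\x02encrypted-payload")
BLOCKS = [
    {"number": 101, "events": [{"kind": "ComputeResult", "request_id": "00" * 32, "node": NODE}]},
    {"number": 102, "events": [{"kind": "ComputeResult", "request_id": RID, "node": b"guardian-9"}]},
    {"number": 103, "events": [{"kind": "ComputeResult", "request_id": RID, "node": NODE, "result": b"ct"}]},
]

if __name__ == "__main__":
    print(find_result(BLOCKS, RID, NODE, submitted_at=100, max_wait=10))
```

The per-request nonce keeps two otherwise identical requests from sharing an identifier, and the bounded window gives the dApp a definite point at which to report a timeout instead of waiting indefinitely.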
Performance
The Palliora Manas network comes with a runtime contract that enables 4MB-sized blocks with a block time of 6.0 seconds. The block size can be increased in the future to accommodate higher throughput. The current testnet network can reach a TPS of 700 tx/sec. The Manas testnet runs a BABE-GRANDPA protocol for block authoring, finality, and fork selection, providing a finality time in the range of 15-20 seconds. The Manas DA network incorporates an archive store of block history, as well as large-file storage. Currently, a Manas storage node is configured for 300GB of raw storage, served by an erasure encoding-enabled database. Guardian clients can join the network at every 4-hour interval.