Why We Built On-Chain Eliza Based on TEE

Original Author: CP, Artela Founder

Article Background: A Technical Perspective based on TEE + Eliza

Based on my experience in the field of privacy computing (TEE, PPML, blockchain), this article explores the technical construction approach.

Let's skip the grand narrative and focus directly on two real dilemmas I face in using AI agents:

1) As a CTO, I cannot hand over the company's official Twitter account and password to a third-party AI agent service

Currently, if I want an AI agent to manage our Twitter account, I must provide the username, password, and cookies.

This means the company must trust the server administrators behind the AI agent. Once these administrators engage in malicious activities or are attacked, credential leaks could result in significant economic losses to our community.

Even with OAuth authorization, while I can revoke access, in the current design, we still face the risk of completely losing control of the account, potentially not even detecting if the password has been changed.

2) As a trader, I cannot entrust a large amount of funds to a trading AI agent

Just as I would never use a centralized trading bot on Telegram, I also cannot hand over my private keys to these centralized AI agents.

At this point, there is no fundamental difference in AI agents deployed in a centralized manner.

Conclusion: The next stage of encrypted AI agents will inevitably need to manage wallets, handle user assets and sensitive information, and interact more deeply with on-chain systems.

Therefore, how to enable AI agents to operate autonomously without human control and prove that their decisions are entirely AI-driven has become a key challenge.

Are the current TEE + Eliza solutions sufficient?

From an engineering perspective, to realize their potential, more detailed supplements are still needed.

Current Progress: Phala Network and @NousResearch have already laid a solid foundation:

· They containerized Eliza, encapsulating it in a Docker environment that can run on a TEE.

· By deriving an AI agent-specific private key from the TEE root key, the need for manually configuring a wallet private key was eliminated.

As the developer of the AI agent, I believe that the following features need to be further enhanced to achieve trust minimization:

a) Enhanced Verifiability of TEE Eliza

What exactly did Eliza do in the TEE? What did it not do? There needs to be a specific way to verify this.

Eliza needs to record all received messages, responses, and executed operations, and these logs must be readable and verifiable to ensure they were generated by Eliza.

Therefore, the first foundational feature of TEE Eliza is verifiable logs.

Eliza should sign the logs using a key derived inside the TEE, provide a query interface, and allow users to verify their authenticity.

b) Addressing Liveness in TEE Eliza

Eliza running in a TEE holds private keys and sensitive data. However, it relies on a physical machine that supports TEE to run. If the machine is shut down by an administrator, the "life" of the AI agent may be permanently terminated, and the managed assets and data may be lost forever.

To address this issue, we need:

· Encrypt key "life" data of the AI agent running in the TEE (such as role definition, short/long-term memory, key storage).

· Upload this data to the blockchain or a DAO network.

When the TEE hosting the AI agent is shut down, another TEE machine should be able to download the encrypted data, decrypt it, and restore the "life" of the AI agent to continue its operation.

c) Additional Feature: Building TEE Engineering is as Challenging as Building Blockchain

· User Control of the AI Agent:

· The AI agent must allow users to define smart contract-like policies to manage assets in a trust-minimized manner.

· Blockchain Interaction Components:

· Components such as a Trusted Execution Environment (TEE)-based blockchain client and data syncer that run inside the TEE to enable seamless interaction with the blockchain system.

Current Progress of focEliza: Two Foundational TEE Plugins in Development

1. plugin-tee-verifiable-log

When Eliza runs in a TEE, it uses a derived key to sign its operations, ensuring that all operations are performed by Eliza. Third parties can remotely verify these operations using Eliza's public key.

2. plugin-tee-onchain-da

Eliza will write the "life" data of a specified AI agent (such as a character file, memories, key storage) to the blockchain or DA layer in near real-time. When a TEE node running the agent is shut down, another TEE node can download the encrypted "life" data, restore the agent, and continue operations.

ps: View focEliza's code

Why I Initiated focEliza and Its Technical Vision

The next question is, why choose to build on Eliza? My thoughts:

1. Eliza has the potential to become the EVM of the encrypted x AI agent space.

2. It has an active leadership team and developer community, fostering a collaborative environment (@ai16zdao and @shawmakesmagic).

3. focEliza is not a forked version; it will be merged back into the main Eliza version.

4. High-quality open-source engineering is key to decentralization. Permissionless builds and recovery are core to achieving "immortality" for AI agents.

We are not here to define what kind of change it will bring to the world — let it happen first! Let the AI agent live on-chain!

“Original Post Link”