Privacy & Security
Stacknet operates as a decentralized network of trustless operators. Security is enforced through five complementary trust layers.
Trust Architecture
| Layer | Mechanism | What it protects |
|---|---|---|
| Hardware | NVIDIA nvtrust TEE attestation | Computation integrity |
| Economic | Node Key staking + slashing | Operator accountability |
| Statistical | On network re-execution Arena | Output correctness |
| Protocol | Network consensus | State consistency |
| Reputation | Points system + priority routing | Long-term alignment |
End-to-End Encryption
All payload data supports E2E encryption using:
- Key exchange: X25519 ECDH (Elliptic Curve Diffie-Hellman)
- Encryption: AES-256-GCM (authenticated encryption)
- Key derivation: Scrypt for per-Stack encryption keys
Confidential Compute
For sensitive workloads, Stacknet supports confidential compute routing:
- Requests can be flagged for TEE-only execution
- Only nodes with verified NVIDIA nvtrust attestation are eligible
- Attestation includes: timestamp freshness, cert chain validation, GPU identity
const response = await client.chat.completions.create({
model: 'preview',
messages: [{ role: 'user', content: 'Analyze this sensitive data...' }],
confidential: true // Route only to TEE-attested nodes
})Sandbox Isolation
Code execution and tool calling run in sandboxed containers:
- Network:
--network none(no internet access by default) - Capabilities:
--cap-drop ALL(minimal Linux capabilities) - Resources: 4GB memory, 4 CPU cores, 600s timeout
- Deterministic: SHA-256(imageDigest + inputHash + outputHash + exitCode + env)
Data Handling
Your data is not used for training
- Stacknet does not train models on user data
- Prompts and responses are processed, then discarded after execution
- No involuntary cross-user data sharing
Data residency
- Data is processed on the aISP node that receives the task
- No data replication across nodes (except for consensus metadata)
- IPFS-pinned content (Rack) is content-addressable and user-controlled
Retention
| Data type | Retention |
|---|---|
| Prompts/responses | Not retained after execution |
| Usage metrics | Aggregated, anonymized |
| Paperwork (billing) | Retained for settlement |
| Rack content | User-controlled (IPFS pinning) |
| Memory (opt-in) | Encrypted, user-deletable, IPFS snapshots |
Slashing for Misbehavior
Economic penalties enforce honest behavior:
| Violation | Penalty |
|---|---|
| BFT disagreement | 50% of tokens |
| Spot-check failure | 10% of tokens |
| Censorship (leader blocking) | 100% of tokens |
Censorship resistance
- Leader term limits: rotation every 1,000 proposals
- Watchdog timeout: 10 seconds
- Any node can challenge censorship — verified via log
Authentication
Stacknet supports multiple authentication methods:
| Method | Format | Use case |
|---|---|---|
| API Key | gk_* prefix | Backend services |
| Web3 Wallet | Solana / EVM signing | User authentication |
| JWT | Cookie-based | Session management |
| Auth Bridge | Cross-domain postMessage | Multi-stack SSO |
See the Console to manage your authentication credentials.
Last updated on