Attestation Service
/
Getting Started
Last updated

Getting Started with Blocky AS

The Blocky Attestation Service (Blocky AS) gives you access to verifiable serverless computing. You can use it to create TEE attestations over function calls. You can also verify these attestations on chain in your smart contracts or locally.

Setup

To use Blocky AS, you need to install and configure the Blocky AS CLI, bky-as, and configure it. You'll also need to install the Blocky Compiler and several utility tools, if you don't have them already on your system.

  1. Install bky-as by running:

    curl -s https://raw.githubusercontent.com/blocky/attestation-service-cli/refs/tags/v0.1.0-beta.12/install.sh | bash

    Although you can run bky-as from the current directory, we recommend you move it into your $PATH, so that you can run it from any directory, including the directories used in our examples throughout the documentation. You can put bky-as in /usr/local/bin by running:

    sudo mv bky-as /usr/local/bin

  2. The bky-as install script also downloads config.toml, the default bky-as configuration file. Set the code measurement of the current release of the Blocky AS server application in the acceptable_measurements section of config.toml by running:

    CODE_MEASUREMENT=$(curl -s https://docs.blocky.rocks/v0.1.0-beta.12/code_measurement.toml)
RELEASE_CODE=$(grep -oP 'code\s*=\s*"\K[^"]+' <<<"$CODE_MEASUREMENT")
sed -i "s/[0]\{96\}\.[0]\{96\}\.[0]\{96\}/$RELEASE_CODE/" config.toml

    The releases page documents the code measurements of the Blocky AS server application for each release. You can learn more about the role of code measurements in the verification process.

  3. (Optional) Configure config.toml to call Blocky AS on cloud TEE servers. Go to the Blocky Developer Portal to create an account and get your free Blocky AS API key. Set the API key and the URL of the Blocky AS server in config.toml by running:

    BKY_AS_API_KEY=your_api_key_here
BKY_AS_HOST=http://api.bky.sh/prod/delphi/v0.1.0-beta.12
sed -i \
   -e "s|^\(auth_token *= *\)\".*\"|\1\"$BKY_AS_API_KEY\"|" \
   -e "s|^\(host *= *\)\".*\"|\1\"$BKY_AS_HOST\"|" \
   config.toml

    Note that if you skip this step and leave the host="local-server" in config.toml, bky-as will start a local, non-TEE server for local testing and development.

  4. (Recommended) Move config.toml to a well-known location. The bky-as command will look for config.toml in the current directory, ./configs, $HOME/.config/bky/bky-as or you can specify the location using the --config command line argument to bky-as. You can move config.toml to $HOME/.config/bky/bky-as by running:

    mkdir -p $HOME/.config/bky/bky-as
mv config.toml $HOME/.config/bky/bky-as/

  5. Install the Blocky Compiler, bky-c, to compile your code to WebAssembly (WASM) for execution by Blocky AS.

    curl -s https://raw.githubusercontent.com/blocky/compiler/refs/heads/main/install.sh \
| bash -s -- -v v0.1.0-beta.2

    Although you can run bky-c from the current directory, we recommend you move it into your $PATH, so that you can run it from any directory, including the directories used in our examples throughout the documentation. You can put bky-c in /usr/local/bin by running:

    sudo mv bky-c /usr/local/bin

  6. If you don't have it already on your system, install jq to parse JSON data.

  7. If you don't have it already on your system, install npm to run smart contract tests.

Attesting WASM Function Calls

The Attestation Service CLI supports the attest-fn-call command which allows you to send WebAssembly (WASM) functions for execution on a TEE in a serverless compute model. Use the attest-fn-call command to execute resource-intensive tasks over API data to accelerate your smart contracts and lower your gas costs.

UserBlocky Attestation Serviceweb2 APIInvoke attest-fn-callloop[WASM Runtime]WASM Function Encrypted EnvironmentRequestResponseAttestation

At a high level, a User invokes the attest-fn-call command and sends a compiled WASM Function and an Encrypted Environment, containing function parameters, to the Attestation Service running on a TEE. The Attestation Service decrypts the Environment, starts a WASM Runtime, and invokes the user Function with the decrypted parameters. As a part of its execution, the function may also make requests to external web2 APIs. Finally, the Attestation Service returns a TEE Attestation over the WASM function execution and its results to the User.

To attest a simple function call using Blocky AS, follow these steps:

  1. Clone the Blocky AS examples repository and navigate to the attest_fn_call directory:

    git clone git@github.com:blocky/attestation-service-examples.git
cd attestation-service-examples/attest_fn_call

  2. Inspect the helloWorld function in main.go:

    //export helloWorld
func helloWorld(inputPtr uint64, secretPtr uint64) uint64 {
	msg := "Hello, World!"

	return basm.WriteToHost([]byte(msg))
}

  3. Compile main.go to WASM:

    bky-c build --reproducible . ./main.wasm

  4. Invoke the function on a Blocky AS server with the bky-as CLI and save its response to out.json:

    cat fn-call.json | bky-as attest-fn-call > out.json

  5. Parse the attested function call output from out.json:

    jq -r ".transitive_attested_function_call.claims.output | @base64d" out.json
    which outputs
    Hello, World!

To learn more the about the attest-fn-call command, explore Attesting Function Calls page.

Verifying Attested Function Calls On Chain

You can bring attested function calls onchain and trustlessly verify them in your smart contracts to bring the power of TEEs into your dApp or ecosystem to unlock developer creativity.

UserBlockySmart ContractInvocationAttestationAttestation                                                                        

At a high level, the User invokes the Blocky Attestation Service and obtains a TEE Attestation. The User calls a Smart Contract with the serialized Attestation as a parameter. Finally, the Smart Contract verifies the Attestation and makes use of the attested data.

To verify a Blocky AS function call attestation in a smart contract, follow these steps:

  1. Change to the on_chain directory of the attestation-service-examples repository:

    cd ../on_chain

  2. Install dependencies by running:

    npm install

  3. Invoke the contracts/User.sol contract to verify the attestations you created in Attesting WASM Function Calls:

    TA_FILE=$(realpath ../attest_fn_call/out.json) npx hardhat test --grep "User contract"
    which outputs
    Compiled 3 Solidity files successfully (evm target: paris).


  User contract test
	processTransitiveAttestedFunctionCall emitted AttestedFunctionCallOutput(Hello, World!)
    ✔ Verify transitive attested function call (737ms)


  1 passing (739ms)

    The call runs a Hardhat test that starts a local Ethereum testnet, deploys the User, contract and calls it with the attested function call as calldata.

To learn more the about bringing attestations on chain, explore Bringing Attestations On Chain page.

Previous page
Next page
Copyright © Blocky, Inc.