Cocoon Lite Proposal: Expanding Compute With Untrusted Workers

by Alex Johnson

Introduction: Understanding the Cocoon Lite Proposal

In this article, we will be diving deep into the Cocoon Lite proposal, a groundbreaking concept aimed at expanding the Cocoon architecture. The core idea revolves around introducing a new optional "Home Compute Tier." This tier would allow a broader range of hardware, including consumer-grade CPUs and gaming GPUs, to participate in the network. Currently, the Cocoon network requires specialized hardware like Intel TDX or NVIDIA H100+ attested GPUs. This new proposal seeks to break down those barriers, dramatically increasing the potential worker pool. By enabling millions of consumer devices, such as those with RTX 20xx/30xx/40xx series GPUs and standard CPUs, the network can execute safe, shardable, or non-confidential compute tasks. The existing Trusted Tier, designed for sensitive workloads, would remain intact, ensuring a balance between accessibility and security. This approach promises to democratize access to the network while maintaining a robust security framework. The proposal outlines a clear path toward a more decentralized and scalable compute network, addressing the limitations of the current architecture. The introduction of Untrusted Workers and a Shard Coordinator are key components of this vision, designed to facilitate efficient task distribution and verification across a diverse range of hardware. By embracing a two-tiered compute model, Cocoon can cater to a wider array of workloads, from non-confidential tasks suitable for consumer hardware to sensitive operations requiring the security of trusted execution environments. This flexibility positions Cocoon as a versatile platform capable of adapting to evolving compute demands and fostering greater participation within the network. The incentives for Home Compute Tier participants, including TON rewards and reputation boosts, are designed to encourage active engagement and contribution to the network's overall health and efficiency. 
This proposal represents a significant step towards realizing a truly decentralized and accessible compute network, paving the way for innovation and collaboration in the Web3 space.

Motivation: Addressing Limitations and Expanding Access

The motivation behind the Cocoon Lite proposal stems from the existing architectural limitations that restrict participation and centralize compute power. The current Cocoon network architecture mandates the use of TDX-capable CPUs and attested GPUs (H100+), effectively excluding the vast majority of potential users who do not possess such high-end hardware. This requirement creates a bottleneck, limiting the decentralized nature of the network and concentrating compute resources within a relatively small group of enterprise-grade node operators. The proposal recognizes that many computational workloads do not necessitate the highest levels of security and can be safely executed on untrusted hardware, provided appropriate safeguards are in place. Sharding tasks into smaller, independently verifiable units allows the network to distribute compute across a wider range of devices without compromising the integrity of the overall process. By adopting a two-tier compute model, Cocoon can preserve the security of its existing Trusted Tier while simultaneously expanding its scalability and decentralization. This approach not only broadens the base of potential participants but also fosters a more resilient and adaptable network. The introduction of the Home Compute Tier opens the door for individual users and smaller-scale operators to contribute to the network, diversifying the compute landscape and reducing reliance on large, centralized providers. This shift towards a more distributed model aligns with the core principles of Web3 and empowers a broader community to participate in the Cocoon ecosystem. The proposal directly addresses the challenge of balancing security and accessibility, paving the way for a more inclusive and dynamic compute network. By embracing the potential of consumer hardware, Cocoon can tap into a vast pool of untapped resources, significantly expanding its capacity and reach. 
The motivation behind this architectural change is rooted in a desire to democratize access to compute power and foster a more decentralized and resilient network ecosystem.

Proposed Architecture Change: Introducing Untrusted Workers and Shard Coordination

The proposed architecture change introduces a new paradigm for the Cocoon network, centered around the concept of Untrusted Workers (UWs). These workers represent a significant departure from the current model, as they operate on consumer-grade hardware without the need for Trusted Execution Environments (TEEs) like TDX, SEV, or SGX. This shift opens the door for a vast pool of potential participants, as it eliminates the hardware barrier that previously restricted network access. UWs function within a sandboxed environment, utilizing technologies such as gVisor, Firecracker, and Seccomp to ensure isolation and security. This sandboxing prevents malicious code from compromising the host system or other network components. UWs are designed to execute specific types of tasks: “non-confidential” computations or small, independent compute shards. This targeted approach minimizes the risk associated with running computations on untrusted hardware. To manage and orchestrate these tasks, the proposal introduces a Shard Coordinator, a network service responsible for dividing larger tasks into smaller, manageable shards. The Shard Coordinator intelligently schedules these shards across available UWs, optimizing resource utilization and ensuring timely completion. Once the shards are processed, the Shard Coordinator reassembles the results, providing a cohesive output. This sharding and coordination mechanism is crucial for distributing compute across the Home Compute Tier and maintaining overall network efficiency. In addition to sharding, the proposal incorporates a robust Verification Layer to ensure the integrity of the computations performed by UWs. This layer employs several techniques, including redundant execution (k-of-n consensus), hash-based output validation, and optional lightweight zk-proofs for determinism. Redundant execution involves running the same computation on multiple UWs and comparing the results, mitigating the risk of errors or malicious behavior. 
Hash-based output validation provides a quick and efficient way to verify the integrity of the computed results. The optional use of zk-proofs offers an additional layer of security by cryptographically proving the correctness of the computations. These verification mechanisms are essential for maintaining the reliability of the Home Compute Tier and ensuring the trustworthiness of the network as a whole. The introduction of UWs, the Shard Coordinator, and the Verification Layer collectively represent a significant enhancement to the Cocoon architecture, enabling a more decentralized, scalable, and accessible compute network.
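
The following is an added example, not code from the Cocoon Lite proposal, showing how a Shard Coordinator could combine redundant execution (k-of-n consensus) with hash-based output validation before reassembling results. The function names, worker ids, and sample outputs are assumptions constructed for illustration.

```python
from __future__ import annotations
import hashlib
from collections import defaultdict

def output_digest(output: bytes) -> str:
    # Hash-based output validation: redundant runs are compared by digest.
    return hashlib.sha256(output).hexdigest()

def verify_shard(results: dict[str, bytes], k: int):
    """k-of-n consensus over n redundant executions of one shard.

    results maps worker id -> raw output. Returns
    (accepted output or None, agreeing workers, dissenting workers).
    """
    by_digest = defaultdict(list)
    for worker, out in results.items():
        by_digest[output_digest(out)].append(worker)
    ranked = sorted(by_digest.values(), key=len, reverse=True)
    if not ranked:
        return None, set(), set()
    top = ranked[0]
    tie = len(ranked) > 1 and len(ranked[1]) == len(top)
    if len(top) < k or tie:
        # No unique quorum: accept nothing and blame nobody; re-run the shard.
        # Non-deterministic outputs (e.g. float ordering) also land here.
        return None, set(), set()
    return results[top[0]], set(top), set(results) - set(top)

def reassemble(shards: list[dict[str, bytes]], k: int):
    """Verify shards in order; join outputs only if every shard reached quorum."""
    parts, retry, dissenters = [], [], set()
    for idx, results in enumerate(shards):
        out, _, bad = verify_shard(results, k)
        if out is None:
            retry.append(idx)
        else:
            parts.append(out)
        dissenters |= bad
    return (b"".join(parts) if not retry else None), retry, dissenters

# Constructed sample: two shards, n=3 redundant runs each, quorum k=2.
SAMPLE = [
    {"uw-a": b"sum=10;", "uw-b": b"sum=10;", "uw-c": b"sum=99;"},
    {"uw-a": b"sum=32;", "uw-b": b"sum=32;", "uw-d": b"sum=32;"},
]

if __name__ == "__main__":
    print(reassemble(SAMPLE, k=2))
```

A quorum only shows that k workers match each other, so redundant copies of a shard should go to workers that are unlikely to be run by the same operator. The set of dissenting workers is the input a slashing or reputation step would consume.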

Incentives: Rewarding Participation and Ensuring Network Integrity

To foster active participation and ensure the integrity of the Home Compute Tier, the Cocoon Lite proposal outlines a comprehensive incentive structure. Untrusted Workers (UWs) are rewarded with TON tokens for each validated shard they successfully process. This direct financial incentive encourages individuals and small-scale operators to contribute their compute resources to the network. Beyond the immediate reward, the proposal also emphasizes the importance of reputation. UWs that demonstrate consistent uptime and accuracy in their computations earn reputation boosts, which can translate into increased task allocation and higher rewards. This reputation system creates a positive feedback loop, incentivizing reliable and consistent performance. Conversely, the proposal includes mechanisms to penalize malicious or erroneous behavior. UWs that produce invalid results are subject to slashing, where a portion of their earned TON tokens is forfeited. In severe cases, nodes may be banned from the network altogether. This robust penalty system deters malicious actors and ensures that only trustworthy participants contribute to the network's compute power. The combination of rewards and penalties creates a balanced incentive structure that promotes both participation and integrity. By aligning the interests of UW operators with the overall health of the network, the proposal ensures a sustainable and reliable compute ecosystem. The incentive model is designed to be transparent and predictable, allowing UW operators to understand the economic implications of their actions. This transparency fosters trust and encourages responsible participation. The long-term success of the Home Compute Tier hinges on its ability to attract and retain a diverse pool of participants. The incentive structure plays a crucial role in achieving this goal, making it a cornerstone of the Cocoon Lite proposal. 
By rewarding positive contributions and penalizing negative actions, the incentive model creates a self-regulating ecosystem that promotes both growth and stability. This carefully crafted incentive system is essential for realizing the full potential of the Home Compute Tier and transforming Cocoon into a truly decentralized compute network.

Benefits: Mass Adoption, Decentralization, and Hybrid Workloads

The Cocoon Lite proposal promises a multitude of benefits, transforming the landscape of decentralized computing and unlocking new possibilities for the network. One of the most significant advantages is the potential for mass adoption. By allowing virtually any user with consumer-grade hardware to run a node at home, the proposal dramatically lowers the barrier to entry, making the network accessible to a much wider audience. This inclusive approach fosters greater participation and expands the network's reach significantly. The increased accessibility directly translates into enhanced decentralization of compute power. By distributing workloads across a larger pool of participants, the network reduces its reliance on centralized providers, making it more resilient and resistant to censorship or single points of failure. This decentralization aligns with the core principles of Web3 and empowers individuals to contribute to the network's growth and stability. Furthermore, the Cocoon Lite proposal expands the network's capacity without compromising confidentiality. While the Home Compute Tier handles non-confidential tasks, the existing TEE-based Trusted Tier continues to operate as-is, ensuring the secure execution of sensitive workloads. This separation of concerns allows the network to cater to a wider range of computational needs without sacrificing security. Another key benefit is the ability to support hybrid workloads. The Cocoon Lite architecture enables the seamless integration of confidential and non-confidential tasks, allowing developers to build applications that leverage the strengths of both tiers. For example, an application might use the Home Compute Tier for data preprocessing and the Trusted Tier for sensitive data analysis, optimizing performance and security. The flexibility to support hybrid workloads unlocks new use cases and makes Cocoon a more versatile platform for a variety of applications. 
The Cocoon Lite proposal represents a significant step forward in the evolution of decentralized computing. By combining mass adoption, enhanced decentralization, and support for hybrid workloads, it paves the way for a more robust, accessible, and secure network. The benefits of this proposal extend beyond the technical realm, fostering a more inclusive and collaborative ecosystem for developers and users alike. The potential for innovation and growth within the Cocoon network is significantly amplified by the introduction of the Home Compute Tier, promising a brighter future for decentralized computing.

Backward Compatibility: Preserving Existing Security and Functionality

A crucial aspect of the Cocoon Lite proposal is its commitment to backward compatibility. This ensures that the existing Trusted Tier architecture remains unaffected and continues to function as designed, without any disruption to ongoing operations or security protocols. The proposal explicitly states that the Trusted Tier, which relies on TDX and H100+ technologies, will continue to operate in its current form, handling confidential workloads with the same level of security and integrity. This preservation of the Trusted Tier is paramount, as it guarantees that sensitive data and computations remain protected within a secure environment. The Home Compute Tier, introduced by the Cocoon Lite proposal, is designed as an optional extension to the existing architecture. This means that users and developers can choose to leverage the Home Compute Tier for non-confidential tasks without impacting the functionality or security of the Trusted Tier. This modular approach provides flexibility and allows the network to cater to a wider range of use cases without compromising its core security principles. The seamless integration of the Home Compute Tier with the existing infrastructure is a testament to the careful planning and design of the Cocoon Lite proposal. The network can effectively utilize the Home Compute Tier for tasks that do not require the highest levels of security, freeing up resources within the Trusted Tier for more sensitive operations. This optimized resource allocation enhances the overall efficiency and scalability of the network. The commitment to backward compatibility ensures a smooth transition to the new architecture, minimizing disruption and maximizing the benefits of the Cocoon Lite proposal. Existing applications and workflows can continue to operate without modification, while new applications can leverage the Home Compute Tier for increased scalability and cost-effectiveness. 
This gradual and non-disruptive approach is essential for fostering adoption and ensuring the long-term success of the Cocoon network. By prioritizing backward compatibility, the Cocoon Lite proposal demonstrates a commitment to stability and security, while simultaneously paving the way for innovation and growth.

Request for Feedback: Collaborating on the Future of Cocoon

The Cocoon Lite proposal is a significant step towards expanding the capabilities and accessibility of the Cocoon network, and feedback from the community and maintainers is invaluable in shaping its final form. The proposal explicitly requests input on several key areas, highlighting the collaborative spirit behind the project. One crucial area for feedback is the workload classification process. Determining which tasks are suitable for the Trusted Tier and which can be safely executed on the Untrusted Tier is essential for maintaining the security and integrity of the network. Input on the criteria for this classification, as well as specific examples of workloads in each category, would be highly beneficial. Another area of focus is the shard size and determinism requirements. Sharding tasks is a key component of the Home Compute Tier, and the optimal shard size will depend on various factors, including the nature of the computation and the capabilities of the Untrusted Workers. Feedback on the trade-offs between shard size, performance, and security is crucial. Similarly, ensuring determinism in computations is essential for verification purposes. Input on the acceptable level of determinism and the mechanisms for achieving it would be greatly appreciated. The verification mechanisms themselves are also open for discussion. The proposal outlines several approaches, including redundant execution, hash-based output validation, and zk-proofs. Feedback on the effectiveness and efficiency of these mechanisms, as well as suggestions for alternative or complementary approaches, is highly valuable. The incentive model for Home Compute Tier participants is another critical area for feedback. Ensuring that the incentives are aligned with the overall health of the network and that they effectively motivate participation is paramount. Input on the reward structure, reputation system, and slashing mechanisms would be beneficial. 
Finally, a thorough security risk assessment is essential before implementing any new architecture. Feedback on potential security vulnerabilities and mitigation strategies is crucial for ensuring the robustness of the Cocoon network. The request for feedback underscores the collaborative nature of the Cocoon project and the commitment to building a secure, scalable, and accessible decentralized compute network. By actively engaging with the community and incorporating diverse perspectives, the Cocoon team can ensure that the Cocoon Lite proposal meets the needs of its users and contributes to the long-term success of the network.

In conclusion, the Cocoon Lite proposal offers a compelling vision for the future of decentralized computing, one that emphasizes accessibility, scalability, and security. By introducing the Home Compute Tier and leveraging the power of consumer hardware, Cocoon can unlock a vast pool of untapped resources and empower a broader community to participate in the network. The proposal's commitment to backward compatibility ensures a smooth transition, while its focus on robust verification mechanisms maintains the integrity of the network. The success of this proposal hinges on continued collaboration and feedback from the community, ensuring that Cocoon remains at the forefront of decentralized innovation.