Skip to main content

Verify in 5 Minutes

You shouldn’t trust our privacy claims. Here’s how to verify them yourself in under 5 minutes.

What You’re Verifying

When you verify, you’re proving:
  1. The code running is what we claim - Docker compose hash matches published source
  2. It’s running in real TEE hardware - Intel TDX + NVIDIA GPU attestation
  3. Your specific request was processed there - Signed response with bound key

Quick Verification (2 minutes)

1. Clone the Verifier

git clone https://github.com/redpill-ai/redpill-verifier.git
cd redpill-verifier
pip install requests eth-account

2. Verify Attestation (No API Key Needed)

python3 attestation_verifier.py --model phala/deepseek-chat-v3-0324
Output: 
Signing address: 0xf852123106C1E6452b175077053c52A61Ccb1194
Request nonce: c63c4bb155a84557c640dd2ae91cb709b2aebd26aa2fcb31b7c276d2414589a3

🔐 Intel TDX quote
Intel TDX quote verified: True

🔐 TDX report data
Signing algorithm: ecdsa
Report data binds signing address: True
Report data embeds request nonce: True

🔐 GPU attestation
GPU payload nonce matches request_nonce: True
NVIDIA attestation verdict: True

Docker compose manifest attested by the enclave:
[... docker compose shown ...]

Compose sha256: 474f8a18ccb4bced1b5d3985aea2f7a498fac3a9019256ac1433cd0d9c4fb95f
mr_config (from verified quote): 0x01474f8a18ccb4bced1b5d3985aea2f7a498fac3a9019256ac1433cd0d9c4fb95f...
mr_config matches compose hash: True
If you see True for all checks, the model is running in verified TEE.

What Each Check Means

CheckWhat It Proves
Intel TDX quote verifiedCode runs in genuine Intel TDX CPU enclave
Report data binds signing addressSigning key is generated inside TEE
Report data embeds request nonceAttestation is fresh (not replayed)
GPU payload nonce matchesGPU attestation is for this specific request
NVIDIA attestation verdictGPU is genuine H100/H200 with TEE
mr_config matches compose hashRunning code matches the Docker compose shown

Verify Signed Responses (Requires API Key)

Want to verify YOUR specific request was processed in TEE? 
export API_KEY=your-redpill-api-key
python3 signature_verifier.py --model phala/deepseek-chat-v3-0324
Output: 
--- Streaming example ---
{
  "text": "8788fc70b3afc484...:db72b1afd0c06a63...",
  "signature": "0xe56dcf782ec610e493d7254fdf60568f...",
  "signing_address": "0xf852123106C1E6452b175077053c52A61Ccb1194",
  "signing_algo": "ecdsa"
}
Request hash matches: True
Response hash matches: True
Signature valid: True

Attestation signer: 0xf852123106C1E6452b175077053c52A61Ccb1194
Intel TDX quote verified: True
Report data binds signing address: True
GPU payload nonce matches request_nonce: True
NVIDIA attestation verdict: True
This proves:
  • Your request body hash matches what was signed
  • The response text hash matches what was signed
  • The ECDSA signature is valid
  • The signing key is bound to genuine TEE hardware

Available Confidential Models

These models support TEE verification:
ProviderModels
Phalaphala/deepseek-chat-v3-0324, phala/qwen-2.5-7b-instruct, phala/gpt-oss-120b, phala/gpt-oss-20b
Tinfoiltinfoil/deepseek-r1, tinfoil/llama-3.3-70b
Near AInearai/deepseek-v3.1, nearai/glm-4.6

How It Works

1

Generate fresh nonce

Verifier creates a random 32-byte hex nonce to prevent replay attacks
2

Fetch attestation

Request attestation from /v1/attestation/report?model=...&nonce=...
3

Verify Intel TDX quote

Submit quote to Phala’s verification service (which validates against Intel)
4

Verify NVIDIA GPU attestation

Submit GPU payload to NVIDIA NRAS service for verification
5

Check report data

Verify signing address and nonce are embedded in TEE report data
6

Verify code hash

Confirm mr_config matches SHA256 of Docker compose manifest

Programmatic Usage

from attestation_verifier import fetch_report, check_tdx_quote, check_gpu, check_report_data
import secrets

# Generate fresh nonce
nonce = secrets.token_hex(32)

# Fetch attestation (no API key needed)
attestation = fetch_report("phala/deepseek-chat-v3-0324", nonce)

# Verify all components
intel_result = check_tdx_quote(attestation)
check_report_data(attestation, nonce, intel_result)
check_gpu(attestation, nonce)

CI/CD Integration

# .github/workflows/verify-tee.yml
name: Verify TEE Attestation

on:
  schedule:
    - cron: '0 * * * *'  # Every hour
  workflow_dispatch:

jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - name: Clone verifier
        run: |
          git clone https://github.com/redpill-ai/redpill-verifier.git
          cd redpill-verifier
          pip install requests eth-account

      - name: Verify Phala models
        run: |
          cd redpill-verifier
          python3 attestation_verifier.py --model phala/deepseek-chat-v3-0324 2>&1 | tee result.txt

      - name: Check all verifications passed
        run: |
          if grep -q "False" redpill-verifier/result.txt; then
            echo "❌ TEE verification failed!"
            exit 1
          fi
          echo "✅ All TEE verifications passed"

What If Verification Fails?

Cause: Quote couldn’t be validated against Intel’s root certificates.Action: Could be network issue. Retry. If persistent, the hardware may not be genuine TEE.
Cause: Attestation may be replayed from old request.Action: Generate new nonce and try again. If persistent, contact [email protected].
Cause: Running code doesn’t match the Docker compose manifest.Action: Check for recent updates. If mismatch persists, stop using and report to [email protected].
Cause: GPU attestation failed NVIDIA verification.Action: GPU may not be genuine H100/H200 TEE. Report to [email protected].

Next Steps

Full Attestation Guide

Deep dive into attestation format

Signature Verification

Verify individual request signatures

GitHub Repo

View verifier source code

Threat Model

Understand what we protect against