What is Marlin?
Marlin is a verifiable computing protocol leveraging TEEs to allow complex workloads (like DeFi strategies, automation tasks or AI models) to be deployed over a decentralized cloud. It allows both smart contract calls and web2 APIs to be used to rent instances or execute serverless functions. As a result, Marlin can be used as a coprocessor to scale blockchain applications. The compute network is also referred to as Oyster (named after the protocol upgrade that introduced TEE-based general-purpose computing).
More information on the design of the Oyster protocol can be found at the link below:
🗃️ The Protocol
There are two ways to use Oyster:
- Oyster CVM - Confidential VM allows confidential computing instances to be rented individually for any amount of time, like one would on AWS. It comes with monitoring and uptime guarantees and provides developers a dedicated instance; users are billed for the entire time the instances are rented.
- Oyster Serverless - Serverless allows jobs to be transparently outsourced to an always online pool of nodes with users not having to bother with picking an instance, renting it and then paying for it any longer than the time required to execute the job. It also comes with monitoring and uptime guarantees and the nodes are shared amongst multiple users.
The table below summarizes some key features and differences to help developers make a choice.
Attribute | Oyster Serverless | Oyster CVM |
---|---|---|
Execution Time | 5 minute limit (may be modified) | No limit |
Environment | JS or WASM (WIP) sandbox (in a TEE) | Linux (in a TEE) |
Scaling | Horizontal | Horizontal + Vertical |
Fixed Cost | Zero (pay-as-you-go) | High (requires advanced provisioning) |
Operating Cost | Medium | Low |
Security | As secure as the Chrome V8 sandbox | As secure as the underlying TEE implementation |
Resource Allocation | Shared vCPU (min 5%) and memory (100 MB) | 100% of chosen vCPU and memory |
Access Modes | Request-Response (either through web2 endpoints or smart contracts); no SSH access | Flexible as per your code (for example, can also include event listeners); no SSH access |
Networking | Custom HTTP or HTTPS endpoints | Includes communication over IP (TCP) |
Storage | External with an MPC-based persistent key | External with an MPC-based persistent key |
Execution Delay | Time required to boot sandbox (in ms) and then fetch function (from RPC) | A few minutes to deploy the image and start the machine, after which network call/RPC latency |
Caching | Fast load of functions on same machine (WIP) | Running machine can maintain state |
Testing | Run workerd locally or on Marlin Hub | Run docker locally |
Debugging | Not possible in production | Not possible in production |
Code updates | Redeploy | Redeploy |
Developer Guides
In the case of Oyster CVM today, enclave images have to be built from a docker image and then deployed on an instance leased from Marlin Hub. On the other hand, functions to be called using Oyster Serverless have to be made available on a DA layer which is restricted to blockchain calldata at this point.
As described above, there are two primary ways to interact with applications running in these enclaves:
- Network calls (HTTP, HTTPS or TCP): Serverless only supports HTTP/HTTPS while CVM also supports TCP connections
- On-chain relay contracts: While Serverless has native support, templates can be used to deploy custom contracts for CVM
Detailed guides and tutorials are available for CVM and Serverless in the links below:
📄️ Build with Confidential VMs
Confidential Virtual Machines (CVMs) enable secure and private computation in untrusted environments. By leveraging hardware-based encryption and secure enclaves, CVMs ensure that your sensitive data and applications remain protected even when running on third-party infrastructure. With Oyster's CVM tooling, you can create secure environments that maintain data privacy while still allowing for complex computations and operations.
📄️ Build with Serverless
Oyster Serverless allows users to execute functions without having to go through the process of renting and managing an Instance themselves. Users only pay for the time it takes to execute the function. The Serverless protocol requires a set of Instances to always be on standby, ensuring that Requests are served on-demand. These Instances function as shared resources, effectively being 'rented' by multiple users simultaneously.
Additionally, serverless supports Subscriptions. It allows functions to be executed at periodic intervals to, for example, fetch price data as an oracle or trigger an LLM agent to make a tweet.
📄️ Periodic Automation of Contract Calls
In this tutorial, you'll learn how to automate periodic function calls to smart contracts.
Advantages
Marlin enhances the capabilities of blockchains in various ways:
- Performance scaling: Marlin boosts the effective throughput of blockchains by allowing computations to happen off-chain in dedicated nodes. The attestations of such computations are verifiable on-chain ensuring correctness.
- Off-chain data access: Marlin allows programs to reliably access off-chain data using APIs, expose HTTPS endpoints for web2 compatibility and invoke smart contract transactions upon pre-defined events.
- Chain abstraction: The middleware is compatible with any blockchain provided the relay and verification contracts are deployed on that chain. As it can support code written in any language and can also host backends, Marlin makes the blockchain transparent for users and developers alike.
Distinctive Features
Broadly speaking, some advantages of Marlin over alternate decentralized cloud or ZK coprocessing solutions include:
- Tamper resistance: Many decentralized cloud solutions offer vanilla servers which technically allow malicious node operators to manipulate the execution of programs and deliver incorrect results. Confidential computing makes execution tamper-proof.
- Data confidentiality: Similar to the point above, many decentralized cloud and ZK coprocessing solutions allow node operators to view data inputs. This prevents users from sending data or outsourcing programs they wouldn’t like to publicly share. Marlin’s confidential computing solution prevents node operators from snooping into programs or any data sent to them by users.
- Circuit/VM agnostic: Most ZK coprocessors are designed for certain environments (RISC-V, WASM or MIPS) and can only process programs written in compatible languages. Yet others are designed for specific use cases like accessing blockchain history. In contrast, any program that can run on Linux can run on Marlin.
Join the Network
The Marlin network consists of different kinds of confidential computing instances:
- CPUs (like Intel SGX, Intel TDX, AWS Nitro Enclaves)
- GPUs with confidential computing support (like NVIDIA H100s)
As a permissionless network, anyone can join as a node operator on Marlin. More information on the requirements and steps to join Oyster is available in the section linked below.
📄️ Join the Network
Decentralized backends and off-chain services
Open-source contributions towards the specs of protocol upgrades, implementation of new features and tooling, or documentation are welcome!