Skip to main content

What is Marlin?

Marlin is a verifiable computing protocol leveraging TEEs to allow complex workloads (like DeFi strategies, automation tasks or AI models) to be deployed over a decentralized cloud. It allows both smart contract calls and web2 APIs to be used to rent instances or execute serverless functions. As a result, Marlin can be used as a coprocessor to scale blockchain applications. The compute network is also referred to as Oyster (named after the protocol upgrade that introduced TEE-based general purpose computing).

More information on the design of the Oyster protocol can be found at the link below:

There are two ways to use Oyster:

  1. Oyster CVM - Confidential VM allows confidential computing instances to be rented individually for any amount of time like one would on AWS. It comes with monitoring and uptime guarantees, provides developers a dedicated instance and users are billed for the entire time the instances are rented.
  2. Oyster Serverless - Serverless allows jobs to be transparently outsourced to an always online pool of nodes with users not having to bother with picking an instance, renting it and then paying for it any longer than the time required to execute the job. It also comes with monitoring and uptime guarantees and the nodes are shared amongst multiple users.

The table below summarizes some key features and differences to help developers make a choice.

AttributeOyster ServerlessOyster CVM
Execution Time5 minute limit (may be modified)No limit
EnvironmentJS or WASM (WIP) sandbox (in a TEE)Linux (in a TEE)
ScalingHorizontalHorizontal + Vertical
Fixed CostZero (pay-as-you-go)High (requires advanced provisioning)
Operating CostMediumLow
SecurityAs secure as the Chrome V8 sandboxAs secure as the underlying TEE implementation
Resource AllocationShared vCPU (min 5%) and memory (100 MB)100% of chosen vCPU and memory
Access ModesRequest-Response (either through web2 endpoints or smart contracts); no SSH accessFlexible as per your code (for example, can also include event listeners); no SSH access
NetworkingCustom HTTP or HTTPS endpointsIncludes communication over IP (TCP)
StorageExternal with a MPC-based persistent keyExternal with a MPC-based persistent key
Execution DelayTime required to boot sandbox (in ms) and then fetch function (from RPC)A few min to deploy image and start machine after which network call/RPC latency
CachingFast load of functions on same machine (WIP)Running machine can maintain state
TestingRun workerd locally or on Marlin HubRun docker locally
DebuggingNot possible in productionNot possible in production
Code updatesRedeployRedeploy

Developer Guides

In the case of Oyster CVM today, enclave images have to be built from a docker image and then deployed on an instance leased from Marlin Hub. On the other hand, functions to be called using Oyster Serverless have to be made available on a DA layer which is restricted to blockchain calldata at this point.

As described above, there are two primary ways one would use to iteract with applications running in these enclaves:

  • Network calls (HTTP, HTTPS or TCP): Serverless only supports HTTP/HTTPS while CVM also supports TCP connections
  • On-chain relay contracts: While Serverless has native support, templates can be used to deploy custom contracts for CVM

Detailed guides and tutorials are available for CVM and Serverless in the links below:

Additionally, serverless supports Subscriptions. It allows functions to be executed at periodic intervals to, for example, fetch price data as an oracle or trigger an LLM agent to make a tweet.

Advantages

Marlin enhances the capabilities of blockchains in various ways:

  1. Performance scaling: Marlin boosts the effective throughput of blockchains by allowing computations to happen off-chain in dedicated nodes. The attestations of such computations are verifiable on-chain ensuring correctness.
  2. Off-chain data access: Marlin allows programs to reliably access off-chain data using APIs, expose HTTPS endpoints for web 2 compatibility and invoke smart contract transactions upon pre-defined events.
  3. Chain abstraction: The middleware is compatible with any blockchain provided the relay and verification contracts are deployed on that chain. As it can support code written in any language and can also host backends, Marlin makes the blockchain transparent for users and developers alike.

Distinctive Features

Broadly speaking, some advantages of Marlin over alternate decentralized cloud or ZK coprocessing solutions include:

  1. Tamper resistance: Many decentralized cloud solutions offer vanilla servers which technically allow malicious node operators to manipulate the execution of programs and deliver incorrect results. Confidential computing makes execution tamper-proof.
  2. Data confidentiality: Similar to the point above, many decentralized cloud and ZK coprocessing solutions allow node operators to view data inputs. This prevents users from sending data or outsourcing programs they wouldn’t like to publicly share. Marlin’s confidential computing solution prevents node operators from snooping into programs or any data sent to them by users.
  3. Circuit/VM agnostic: Most ZK coprocessors are designed for certain environments, RISC-V, WASM or MIPS and can only process programs written in compatible languages. Yet others are designed for specific use cases like accessing blockchain history. In contrast, any program that can run on Linux, can run on Marlin.

Join the Network

The Marlin network consists of different kinds of confidential computing instances:

  • CPUs (like Intel SGX, Intel TDX, AWS Nitro Enclaves)
  • GPUs with confidential computing support (like NVIDIA H100s)

As a permissionless network, anyone can join as a node operator on Marlin. More information on the requirements and steps to join Oyster is available in the section linked below.

Open-source contributions towards the specs of protocol upgrades, implementation of new features and tooling, or documentation are welcome!