Acurast Raises $11M for Decentralized Confidential Computing on Smartphones

Acurast Secures $11 Million for Decentralized Confidential Computing Initiative

Acurast has successfully raised $11 million to fuel its innovative project centered on decentralized confidential computing using smartphones. The core objective is to provide a tamper-resistant execution environment on standard consumer phones, coupled with robust hardware verification.

Funding Details and Key Investors

The funding round, announced on Thursday, saw participation from prominent figures including Ethereum co-founder and Polkadot founder Gavin Wood, MN Capital founder Michael van de Poppe, and GlueNet founder Ogle, among others. Acurast is targeting a mainnet launch on November 17, with plans to introduce its native ACU token concurrently.

Acurast's Vision

Alessandro De Carli, founder of Acurast, highlighted that "billions of smartphones are the most battle-tested hardware on earth" and that the company intends to leverage this existing infrastructure to reduce costs for "verifiable, confidential compute." Network data indicates that nearly 150,000 phones have already joined the network, processing over 494 million transactions and enabling the deployment of almost 94,200 services.

Project Goals

De Carli emphasized the project's aim to "remove the gatekeepers, reduce the costs, and bring secure, trustless computation to anyone, anywhere, and all without a data center."

Confidential Computing on Third-Party Hardware

Acurast proposes to enable confidential computing – where users with physical access to smartphones running the node software cannot access the data used for computation – to be provided by virtually anyone. This necessitates a setup that provides a high degree of assurance that the smartphone's owner cannot manipulate the software to compromise data secrecy.

Security Mechanisms Implemented

To address this, the project developers have implemented a series of checks designed to ensure that the smartphone is running manufacturer-approved software that adheres to its security assumptions. While similar measures have been deployed by banking app developers, communities focused on custom firmware like Graphene OS have often found workarounds. De Carli asserts that Acurast's approach mitigates these risks.

Hardware Verification Process

De Carli explained that the Acurast processor application transmits hardware-backed key pairs with key attestation to the Acurast protocol. If these keys do not match those provided by the smartphone manufacturer, "the Acurast processor is not able to get a valid attestation, thus cannot participate in the network."

Ensuring Data Integrity

According to De Carli, "this ensures only genuine and attested hardware can be onboarded," and unsuitable environments "cannot be onboarded because they don’t get the signed attestation attached to their keys," preventing the phone's owner from tampering with user data or the execution environment.

Potential Security Risks

However, the underlying security assumption is compromised if a manufacturer-endorsed smartphone operating system—iOS or Android—is successfully exploited by malware or the phone's rightful owner. De Carli downplayed this scenario, suggesting that "if you manage to find an exploit that allows you to do so, you effectively are eligible for a multimillion-dollar bounty and the exploit would be fixed shortly thereafter," referencing Google's bug bounty program.

Past Vulnerabilities

Nevertheless, vulnerabilities of this nature have been discovered in the past. For example, in Samsung’s TrustZone Operating System, a keymaster AES-GCM IV-reuse attack was identified in 2022, enabling protected key extraction and misuse of attestation. Moreover, an attacker who has already compromised the app process or the kernel is likely able to encrypt and decrypt content, but would likely be unable to extract the private key itself.