Trusted Proving
for Aztec

Offload zero-knowledge proving to hardware-attested Trusted Execution Environments. Your users get faster transactions. Your app stays responsive. Their data stays private.

Try the Playground npm install @alejoamiras/tee-rex
app.ts 
import { TeeRexProver } from "@alejoamiras/tee-rex"

// Drop-in prover: attestation, encryption, proving
const prover = new TeeRexProver("https://your-tee-rex.dev")

// Use it with any Aztec wallet
const wallet = await EmbeddedWallet.create(node, {
  pxeOptions: { proverOrOptions: prover }
})|
Why Delegate?

Proving is heavy.
Your users shouldn't carry the weight.

Zero-knowledge proofs are computationally intensive. Delegating to server-grade hardware keeps your app responsive on any device. TEE attestation ensures the server can't see your users' data.

Proving Modes

Four modes. One API.

Local (WASM)

Prove entirely in the browser. No server needed. The SDK falls back to WASM automatically when no server is configured.

Fully Private No Server

UEE (Server)

Offload proving to a remote server running native proving. Fast proofs for development and testing, without the TEE attestation overhead.

Fast Dev / Testing
Live

AWS Nitro Enclaves (TEE)

Prove inside an isolated hardware enclave. Cryptographic attestation guarantees your data stays private and the code is untampered.

Fast Private Attested
In Development

Intel SGX (TEE)

Azure Confidential Computing with Intel SGX enclaves. Same privacy guarantees, different cloud provider. Infrastructure wired, quota pending.

Fast Private Attested
Proving locally instead? The Aztec Accelerator runs native proving from your system tray. No server needed.
Get the Accelerator →
Architecture

What happens inside a TEE

1

Encrypt & Send

Your transaction data is encrypted with the enclave's public key. Only the hardware enclave can decrypt it, not even the server operator.

2

Attest & Prove

The enclave generates a cryptographic attestation document proving its identity, decrypts your data in isolated memory, and runs native proving.

3

Return & Discard

The zero-knowledge proof is returned to your app. Your private data is discarded and never leaves the enclave.

Your App encrypt(data, enclave_pk)
Trusted Execution Environment
→ Verify attestation
→ Decrypt data
→ Generate ZK proof (native proving)
→ Discard private data
Your App receives proof only
TypeScript SDK

Drop-in replacement

Replace your Aztec prover with TEE-Rex in one line. The SDK handles encryption, attestation verification, and proof retrieval.

app.ts 
import { TeeRexProver } from "@alejoamiras/tee-rex"

// One constructor, mode auto-detected from the server
const prover = new TeeRexProver("https://your-tee-rex.dev")

// Use it anywhere you'd use an Aztec prover
const wallet = await getSchnorrAccount(pxe, secret, salt, {
  prover  // ← drop-in replacement
}).deploy().wait()

Hardware Attestation

Cryptographically verified code integrity. Your SDK validates the enclave before sending any data.

Zero Data Exposure

PGP encrypted in transit, hardware-isolated in memory. Not even the server operator can see your data.

Drop-in SDK

One npm package, one constructor call. Works with EmbeddedWallet, getSchnorrAccount, or any Aztec prover interface.

Ready to prove?

Try the interactive playground or integrate the SDK into your Aztec app.

Open Playground View on GitHub