End-to-End Encryption

End-to-End Encryption for Distributed Agents

We strive to ensure the highest level of privacy and security through end-to-end encryption of scripts orchestrated by the Agents Flow platform when they are distributed to node workers in the peer-to-peer network. Here's an outline of the encryption mechanism and the process that ensures all private data, including agent configurations, memory context, and API keys, remains secure.

Overview

End-to-End Encryption: All scripts and configurations related to agents are encrypted before they leave the WebApp and are only decrypted in the Trusted Execution Environment (TEE) on the node runner's machine.

Peer-to-Peer Network: Encrypted scripts are distributed over a decentralized peer-to-peer network and are executed only on the targeted nodes, not by any other participant in the network.

Trusted Execution Environment (TEE): Decryption and execution of scripts happen exclusively within the TEE on node runner machines, ensuring that sensitive data is never exposed to the node runner.

Encryption Process

  1. Script Encryption:

    • When an agent is configured and initiated in the Evolve WebApp, the agent's scripts, configuration files, and any associated data (memory content, API keys, etc.) are encrypted using a robust encryption algorithm (AES-256).

    • Encryption keys are generated for each session and are not stored on any server or transmitted over the network.

  2. Distribution to Node Workers:

    • The encrypted scripts and configuration files are distributed to node workers through the peer-to-peer network.

    • Each node worker receives only the encrypted payload and does not have access to the encryption keys.

Decryption and Execution

  1. Trusted Execution Environment (TEE):

    • The node runner's machine must support TEE (e.g., Intel SGX, AMD SEV) to participate in executing agents.

    • The TEE securely receives the encrypted scripts and configuration files and decrypts them within its protected memory space.

    • The decrypted content is never exposed outside the TEE, ensuring that the node runner cannot access sensitive data.

  2. Execution of Scripts:

    • Once decrypted within the TEE, the scripts are executed as per the agent's configuration.

    • Any data generated during execution (e.g., responses from API calls, modifications to memory) remains within the TEE and is encrypted before being sent back to the WebApp or other agents in the workflow.
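
The flow from Encryption Process and Decryption and Execution, sketched as an added example (not Agents Flow or Evolve code). The page names only AES-256; the GCM mode, the envelope layout, binding the target node ID as associated data, and every function and field name are assumptions, and because the page does not describe how the session key reaches the TEE, the key is passed in directly here.

```javascript
// Added illustration, not platform code. AES-256-GCM, the envelope layout and
// all names here are assumptions; the page specifies only "AES-256".
const crypto = require("node:crypto");

const newSessionKey = () => crypto.randomBytes(32); // fresh 256-bit key per session

// WebApp side: seal the agent bundle (scripts, configuration, API keys).
// The target node ID is authenticated as associated data, so an envelope
// replayed to a different node fails to open.
function sealBundle(sessionKey, bundle, targetNodeId) {
  const nonce = crypto.randomBytes(12); // must never repeat under one key
  const cipher = crypto.createCipheriv("aes-256-gcm", sessionKey, nonce);
  cipher.setAAD(Buffer.from(targetNodeId, "utf8"));
  const body = cipher.update(JSON.stringify(bundle), "utf8");
  const ciphertext = Buffer.concat([body, cipher.final()]);
  return { nonce, ciphertext, tag: cipher.getAuthTag() };
}

// TEE side: returns the bundle, or null when the key, node ID or any byte of
// the envelope is wrong. Nothing is parsed unless the tag verifies.
function openBundle(sessionKey, envelope, myNodeId) {
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", sessionKey, envelope.nonce,
      { authTagLength: 16 }); // reject truncated tags
    d.setAAD(Buffer.from(myNodeId, "utf8"));
    d.setAuthTag(envelope.tag);
    const plain = Buffer.concat([d.update(envelope.ciphertext), d.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch (err) {
    return null;
  }
}

// Constructed sample input.
const sampleBundle = { script: "print('hello')", apiKey: "sk-constructed-example" };

function demo() {
  const key = newSessionKey();
  const env = sealBundle(key, sampleBundle, "node-A");
  const flipped = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  flipped.ciphertext[0] ^= 0x01; // single-bit change in transit
  return {
    opened: openBundle(key, env, "node-A"),
    wrongNode: openBundle(key, env, "node-B"),
    wrongKey: openBundle(newSessionKey(), env, "node-A"),
    tampered: openBundle(key, flipped, "node-A"),
  };
}
```

Calling `demo()` returns the bundle only under `opened`; the wrong-node, wrong-key and tampered cases all come back as `null`.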

Secure Data Handling

Memory and API Keys:

  • Agents can be configured to store and retrieve data from memory. This data, along with API keys, is encrypted before storage.

  • During execution, the TEE handles decryption and encryption, ensuring that the data is never exposed in plaintext.

Private Requests:

  • Any private requests made by agents, including those involving API keys, are encrypted before transmission.

  • Responses are also encrypted and handled within the TEE, maintaining the confidentiality of the data throughout its lifecycle.

Configuration and Setup

Node Runner Requirements:

  • Machines acting as node runners must support TEE and have the necessary software to participate in the Evolve Network.

  • The node runner software is configured to automatically manage encryption keys and ensure secure communication with the TEE.

Agent Configuration:

  • Users configure agents via the Evolve WebApp, specifying the required scripts, data, and API keys.

  • Before distribution, the WebApp handles encryption, ensuring that all data transmitted to node workers is secure.

The end-to-end encryption mechanism ensures that all scripts and sensitive data related to agents are securely handled throughout their lifecycle.
