Get Started

Overview

  1. When the service start, it will generate a signing key in TEE.

  2. You can get the CPU and GPU attestation to verify the service is running in Confidential VM with NVIDIA H100 in TEE mode.

  3. The attestation includes the public key of the signing key to prove the key is generated in TEE.

  4. All the inference results contain signature with the signing key.

  5. You can use the public key to verify all the inference results is generated in TEE.

Preparation

First, you'll need a RedPill API key to use the Confidential AI service. Check out How To Use RedPill API to learn how to:

  • Create your API key in minutes

  • Make your first API request

Attestation & Public Key

Request

GET https://api.red-pill.ai/v1/attestation/report?model={model_name}

currently we support:

Sample Response

{
  "signing_address": "...",
  "nvidia_payload": "...",
  "intel_quote": "...",
  "all_attestations": [
    {
      "signing_address": "...",
      "nvidia_payload": "...",
      "intel_quote": "..."
    }
  ]
}

The all_attestations is the list of all the attestations of all GPU nodes since we add more TEE nodes to serve the inference requests. You can utilize the signing_address from the all_attestations to select the appropriate TEE node for verifying its integrity.

Verify the Attestation

  • Verify GPU Attestation

You can copy the value of nvidia_payload as the whole payload as followed to verify:

curl -X POST https://nras.attestation.nvidia.com/v3/attest/gpu \
 -H "accept: application/json" \
 -H "content-type: application/json" \
 -d "<NVIDIA_PAYLOAD_FROM_ABOVE>"

  • Verify TDX Quote

You can verify the Intel TDX quote with the value of intel_quote at TEE Attestation Explorer.

The signing_address is the account address generated inside TEE that will be used to sign the chat response. You can go to https://etherscan.io/verifiedSignatures, click Verify Signature, and paste the signing_address and message response to verify it.

nvidia_payload and intel_quote are the attestation report from NVIDIA TEE and Intel TEE respectively. You can use them to verify the integrity of the TEE. See Verify the Attestation for more details.

Chat API

Sample Request

curl -X 'POST' \
  'https://api.red-pill.ai/v1/chat/completions' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <REDPILL_API_KEY>' \
  -d '{
  "messages": [
    {
      "content": "You are a helpful assistant.",
      "role": "system"
    },
    {
      "content": "What is your model name?",
      "role": "user"
    }
  ],
  "stream": true,
  "model": "phala/deepseek-r1-70b"
}'

That sha256 of the request body is e5542b0757e0b9d05bfa4a15da7bac97a03bd35d21b648ec492152708e795ff9

(note: in this example, there is no new line in the end of request)

Sample Response

...

data: {"id":"chatcmpl-0cdf7629fcfa4135bbdb9936e737e95c","object":"chat.completion.chunk","created":1740415146,"model":"/mnt/models/deepseek-r1-70b/deepseek-r1-70b.guff","choices":[{"index":0,"delta":{"content":""},"logprobs":null,"finish_reason":"stop","stop_reason":128001}]}

data: [DONE]

The sha256sum of response body is 7a97926adb2044fd598b392eee98ad8f7c39ea3a47747ca968ef755bbf57c211

(note: in this example, there are two new line in the end of response)

Signature

By default, you can query another API with the value of id in the response in 30 minutes.

Request

GET https://api.red-pill.ai/v1/signature/{request_id}?model={model_id}&signing_algo=ecdsa

For example, the response in the previous section, the id is chatcmpl-0cdf7629fcfa4135bbdb9936e737e95c:

curl "https://api.red-pill.ai/v1/signature/chatcmpl-0cdf7629fcfa4135bbdb9936e737e95c?model=phala/deepseek-r1-70b&signing_algo=ecdsa" \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <REDPILL_API_KEY>'

Response

  • Text: the message you may want to verify. It is joined by the sha256 of the HTTP request body, and of the HTTP response body, separated by a colon :.

  • Signature.

Sample Response

{
  "text": "e5542b0757e0b9d05bfa4a15da7bac97a03bd35d21b648ec492152708e795ff9:7a97926adb2044fd598b392eee98ad8f7c39ea3a47747ca968ef755bbf57c211",
  "signature": "faf0316a4860fd3d412cb5851b55687edc31f5600b4667502cf32112e1ad533b5d6420beb1fd7002334a46d897e11347837675bc01982485e00549091b06f8a81b",
  "signing_algo": "ecdsa"
}

We can see that the text is e5542b0757e0b9d05bfa4a15da7bac97a03bd35d21b648ec492152708e795ff9:7a97926adb2044fd598b392eee98ad8f7c39ea3a47747ca968ef755bbf57c211

Exactly match the value we calculated in the sample in previous section.

Limitation

Since the resource limitation, the signature will be kept in the memory for 5 minutes since the response is generated.

Verify Signature

Go to https://etherscan.io/verifiedSignatures, click Verify Signature:

  • Address: You can get the address from the attestation API. The address should be same if the service did not restarted.

  • Message: see the Response of the Signature section. You can also calculate the sha256 by yourselves.

  • Signature Hash: See the Signature section.

PreviousIntroductionNextHost LLM in TEE

Last updated