How L{CORE} Works
A visual guide to decentralized IoT attestation—from sensor to blockchain.
High-Level Architecture
High-Level L{CORE} Architecture
IoT Device / Sensor
did:key signature
Reclaim Attestor
(TEE Verification)
InputBox Transaction
Cartesi Rollup
(Deterministic Store)
EVM Settlement
(Arbitrum / Locale Network)
The flow: IoT devices sign sensor data with decentralized identities. Reclaim's attestor verifies signatures in a TEE. Cartesi stores attestations deterministically. Your chosen EVM chain provides final settlement.
IoT Device Attestation Flow
When a sensor submits data:
IoT Device Attestation Flow
1. Device Signs
ESP32/Pi/Arduino
Sensor Read
+ did:key
Sign
+ did:key
Sign
2. TEE Verification
Reclaim Attestor
Verify
Signature
in TEE
Signature
in TEE
3. On-Chain Storage
Cartesi Rollup
SQLite
Storage
Storage
Step by step:
- Device reads sensor — Temperature, humidity, GPS, accelerometer, etc.
- Signs with did:key — Cryptographic proof of device identity
- Attestor verifies — Reclaim's TEE confirms signature validity
- Privacy processing — Sensitive values bucketed or encrypted
- Blockchain submission — Proof submitted to InputBox contract
- Cartesi stores — Deterministic SQLite for queryable attestations
Two-Service Architecture
L{CORE} runs as two containers, built on Reclaim's attestor-core:
Two-Service Architecture
YOUR INFRASTRUCTURE
Reclaim Attestor
(attestor-core) :8001
- TEE verification
- did:key auth
- IoT endpoints
Cartesi Node
:10000
- SQLite storage
- Privacy buckets
- Query interface
IoT Devices
(sensors)
InputBox
Contract
Why two services?
- Attestor — Built on Reclaim's attestor-core, handles TEE verification and external communication
- Cartesi — Must be deterministic (no network calls) for fraud-proof verification
- Separation — Ensures rollup verifiability while allowing IoT device communication
Device Identity (did:key)
Every IoT device gets a decentralized identity:
Device Identity (did:key)
Device Initialization
Generate Keys
Ed25519 keypair
did:key:z6Mk...
Attestation Submission
Sign Payload
{
data: { ... },
signature,
did: "did:..."
}
data: { ... },
signature,
did: "did:..."
}
Benefits:
- No central device registry required
- Signatures prove data origin cryptographically
- Works offline—device signs locally, submits when connected
- Portable across networks and deployments
Privacy Bucketing for Sensor Data
How sensitive readings get discretized:
Privacy Bucketing
Raw Sensor Data
temperature: 23.7°C
Bucket Definition
boundaries:
[0, 10, 15, 20, 25, 30, 35]
labels:
["<10°C", "10-15°C", "15-20°C",
"20-25°C", "25-30°C", "30-35°C", ">35°C"]
"20-25°C", "25-30°C", "30-35°C", ">35°C"]
Stored Value
bucket:
"20-25°C"
Use cases:
- Prove "temperature in safe range" without exact readings
- Verify "air quality acceptable" without raw PPM values
- Confirm "device in geofenced area" without precise GPS
Query Path (Read Operations)
Queries bypass the blockchain—free and fast:
Your App Cartesi Node SQLite
──────── ──────────── ──────
│ │ │
│── GET /inspect ────────> │ │
│ │ ── SELECT * FROM ───> │
│ │ <── results ───────── │
│ <── JSON response ────── │ │
│ │ │
Key point: Read operations cost nothing (no gas) because they query the Cartesi node directly via HTTP.
Complete Sequence
Full flow for IoT sensor attestation:
Sensor SDK Attestor Reclaim TEE InputBox Cartesi
│ │ │ │ │ │
│──read───>│ │ │ │ │
│ │──sign───────│ │ │ │
│ │──POST /api──>│ │ │ │
│ │ │──verify sig──>│ │ │
│ │ │<──valid───────│ │ │
│ │ │ │ │
│ │ │────────addInput(proof)─────>│ │
│ │ │ │──advance───>│
│ │ │ │ │
│ │ │ │<──notice────│
│ │<──success───│ │ │
│<─────────│ │ │ │
Supported Device Configurations
| Device Type | SDK | Connection | Use Case |
|---|---|---|---|
| ESP32 | C | WiFi/BLE | Environmental sensors |
| Raspberry Pi | Python | Ethernet/WiFi | Industrial monitoring |
| Arduino | C | Serial/WiFi | Simple sensors |
| NVIDIA Jetson | Python | Ethernet | Computer vision + sensors |
| Generic Linux | TypeScript | Any | Gateways, aggregators |
Next Steps
- Quickstart — Deploy your first attestation
- IoT Providers Guide — Connect your devices
- Architecture Deep Dive — Technical details
- C SDK Reference — Embedded device integration