Why Use Proof of Execution Triangulation for Space Compute
When you send a photo to a cloud AI service, you trust that it's processed in a specific data center in a specific country. AWS US-East-1 is a classic example. But how do you verify your compute workload ran in a specific data center? And for government and financial industries, it’s critical that compute tasks, transactions, and data are secure from hackers, and in a secure location. The industry has tools to verify what code ran. It has no standard mechanism to verify where it ran.
Now imagine that the data center is an unreachable satellite, operated by a startup or newer tech company that doesn’t yet have industry trust, and is orbiting 400 km above you at 7.5 km/s. The verification gap that doesn’t cross people’s minds on Earth is now a bigger security concern.
This is the problem Proof of Execution Triangulation (Proof of ET) solves.
The gap in today's trusted computing
Trusted Execution Environments (TEEs) are the industry's answer to running sensitive workloads on infrastructure you do not control. Intel SGX, AMD SEV, and ARM TrustZone all provide remote attestation: cryptographic proof that a specific piece of software is running unmodified inside an isolated, hardware-protected environment.
Remote attestation answers "what ran." It does not answer "where it ran."
A ground-based server could clone a satellite's hardware configuration and produce identical attestation evidence. The verifier can’t tell the difference between a workload running on the intended satellite and one running on a replica in a warehouse. This is a structural limitation of every major data center and TEE platform deployed today.
The industry is actively working to close this gap. Intel's Platform Ownership Endorsement (POE) enables remote parties to establish who is in physical possession of the hardware running sensitive workloads, adding platform ownership as a layer in the attestation chain.
Our co-founder Filip Rezabek's research with the Flashbots team on Data Center Execution Assurance (DCEA), introduces a "Proof of Cloud" that binds confidential VM attestation to platform-level Trusted Platform Module (TPM) evidence, ensuring execution, quotes, and platform provenance all originate from the same compute device. These efforts contribute to "where did this run" as a recognized gap in confidential computing.
1/ “Just put it in a TEE” sounds convincing, until you ask: where is this actually running?
— frezabek (@rezabfil) April 30, 2026
TEE attestations can prove what code is running and on which CPU.
They don’t prove where that machine is running.
That missing piece is the physical-access gap. 🧵
What is Proof of Execution Triangulation?
Proof of Execution Triangulation (Proof of ET) is a cryptographic protocol that produces verifiable evidence that a specific workload executed on a specific physical satellite in orbit. It is the overarching security guarantee delivered by Space Fabric, our satellite-native trusted computing architecture.
Attestation tells you what code ran. Proof of ET tells you where it ran. Two distinct guarantees. Both necessary for orbital compute to be trustworthy.
How it works: the Satellite Execution Assurance Protocol (SEAP)
Proof of ET defines the goal. The Satellite Execution Assurance Protocol (SEAP) is the protocol that achieves it.
The process begins after launch. The satellite's TEE generates fresh cryptographic signing keys inside tamper-resistant secure elements on-orbit. No signing secrets ever exist on Earth. We covered the reasoning for this approach in more detail in our TEE comparison post.
As the satellite orbits Earth, it passes over distributed ground stations around the world. Each ground station runs a three-message challenge-response exchange with the satellite's TEE. The station sends a signed challenge with a random nonce. The satellite responds with its public key, a TEE attestation proof, and a signed nonce. The station verifies everything and, if all checks pass, issues a timestamped endorsement of the satellite's identity.
The satellite accumulates endorsements (aka 'votes in agreement') from enough independent ground stations to exceed a Byzantine fault tolerance threshold. Once the threshold is met, the endorsements are bundled into a Certificate of Authorization that any relying party can independently verify.
An adversary attempting to fake this process would need to simultaneously compromise enough ground stations and communication channels to exceed the quorum threshold.
That is constrained by the realities of LEO operations:
- The satellite completes a full orbit roughly every 90 minutes moving at 27,000 km/h.
- Each ground station pass lasts 5 to 10 minutes.
- The stations are distributed across the globe.
Simultaneously compromising all of them would require co-located directional equipment at every station, repositioned faster than the satellite traverses its ground track.
Terrestrial deployments face no comparable constraint because their hardware remains within physical reach after installation. Satellite deployments place the hardware beyond that reach entirely.
Why this matters
Proof of ET applies across orbital compute when "did this actually run on the satellite it was supposed to" needs to be confirmed.
Introducing Proof of ET 👽
— SpaceComputer (@SpaceComputerIO) April 29, 2026
Remote attestation proves what code ran.
Proof of Execution Triangulation proves where the code ran.
Why this matters for space compute:
→ AI companies sharing orbital compute get proof their models ran on the contracted satellite, not on the ground… pic.twitter.com/vuAZzf4UYA
AI companies sharing orbital compute infrastructure can verify that proprietary models executed on the specific satellite they contracted, with cryptographic proof that the workload was not replicated on the ground.
Governments processing classified or regulated data in orbit receive verifiable evidence that their processing pipeline ran unmodified on attested hardware, replacing contractual trust with cryptographic proof.
Climate, weather, and Earth observation data processed on-board a satellite can be independently verified from sensor to output, strengthening the evidentiary value of space-derived datasets.
Each of these use cases exists today in some form, served by trust models that rely on operator assurances rather than verifiable evidence. Proof of ET shifts the model from "trust us" to "verify us."
A new category for a new environment
We see Proof of ET as a category-defining protocol. Proof of Work defines how decentralized networks reach consensus. Proof of Stake defined how they do it efficiently. Proof of Execution Triangulation will define how orbital compute proves its integrity.
As computation moves to orbit and decentralized satellite networks take shape, the ability to verify execution location becomes a baseline requirement. We built Proof of ET and SEAP as the foundation for that verification layer.
The full technical details, including the formal threat model, security analysis, and implementation on ARM TrustZone with dual secure elements, are available in our Space Fabric research paper.
We verify workload execution on a specific satellite in orbit through ground stations distributed across the globe. That is the guarantee Proof of ET delivers.
Visit the SpaceComputer website
Follow us on Twitter (X) and LinkedIn
Discover your next read:
Tara Jean
