Model Runners are reachable on the public network. This protocol ensures that:
  • Communication between the Coordinator and the Model Runner is secure.
  • Requests truly come from the expected Coordinator.
  • The Model Runner is controlled by the on-chain identity (wallet) it claims.
It achieves this by combining mTLS, wallet-signed messages, and a rotatable hotkey to bind each TLS certificate to an on-chain identity.

How It Works

  • Crunch Protocol issues TLS certificates through a private certificate service, signed by a Crunch Protocol CA.
  • Both sides use mTLS so the connection is encrypted and both endpoints present valid certificates.
  • A wallet signature binds the TLS public key to an on-chain identity, and a hotkey allows invalidating old bindings if needed.
  • Each gRPC request carries authentication metadata so the receiver can verify the caller.

Implementation Notes

  • Each side generates a tls_auth_message containing:
    • the TLS public key (cert_pub)
    • a hotkey value
    • a wallet signature over the message
  • Every gRPC request includes:
    • x-auth-message
    • x-auth-signature
    • x-auth-wallet-pubkey (debug only; chain remains the source of truth)

Verification Checks

When a request arrives, the receiver validates:
  1. Wallet signature: Verify that x-auth-signature signs x-auth-message, using the wallet public key fetched from chain.
  2. TLS certificate binding: Ensure the TLS public key in x-auth-message matches the certificate used in the active mTLS connection.
  3. Hotkey validity: Ensure the hotkey in x-auth-message matches the hotkey currently registered on-chain.
Only then is the request accepted.
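
The three checks as receiver-side code. This is an added example, not Crunch Protocol's own implementation. It assumes an Ed25519 wallet key, a JSON x-auth-message with a base64 cert_pub, and a base64 x-auth-signature; the names VerifyRequest and AuthMessage are hypothetical, and all sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthMessage is an assumed JSON layout for x-auth-message (the page names the fields only).
type AuthMessage struct {
	CertPub string `json:"cert_pub"` // base64 of the TLS public key (assumed encoding)
	Hotkey  string `json:"hotkey"`
}

// VerifyRequest runs the three checks in order. chainWallet and chainHotkey are fetched
// from chain (Ed25519 is an assumption); peerCertPub comes from the live mTLS connection.
func VerifyRequest(md map[string]string, peerCertPub []byte, chainWallet ed25519.PublicKey, chainHotkey string) error {
	msg := []byte(md["x-auth-message"])
	sig, err := base64.StdEncoding.DecodeString(md["x-auth-signature"])
	// 1. Wallet signature, checked with the chain key; x-auth-wallet-pubkey is never used.
	if err != nil || len(chainWallet) != ed25519.PublicKeySize || !ed25519.Verify(chainWallet, msg, sig) {
		return errors.New("wallet signature invalid")
	}
	var m AuthMessage
	if json.Unmarshal(msg, &m) != nil || m.CertPub == "" || m.Hotkey == "" {
		return errors.New("malformed x-auth-message")
	}
	// 2. TLS binding: the signed cert_pub must equal the key the peer presented.
	claimed, err := base64.StdEncoding.DecodeString(m.CertPub)
	if err != nil || subtle.ConstantTimeCompare(claimed, peerCertPub) != 1 {
		return errors.New("cert_pub does not match mTLS certificate")
	}
	// 3. Hotkey: rotating it on-chain invalidates every older binding.
	if m.Hotkey != chainHotkey {
		return errors.New("hotkey not registered on-chain")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed wallet key and sample values
	msg, _ := json.Marshal(AuthMessage{base64.StdEncoding.EncodeToString([]byte("tls-key-A")), "hk-2"})
	md := map[string]string{"x-auth-message": string(msg),
		"x-auth-signature": base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg))}
	fmt.Println(VerifyRequest(md, []byte("tls-key-A"), pub, "hk-3")) // rejected: hotkey rotated
}
```

In a real gRPC server, peerCertPub would be taken from the peer certificate of the TLS connection state, so a validly signed message replayed over a connection using a different certificate fails check 2.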