The KRNL Protocol

Compute Engine

The KRNL Compute Engine is a powerful orchestration and verification system embedded within Ethereum RPC nodes (modified Geth), designed to optimize smart contract execution across multiple blockchain networks.

Execution Sharding

Smart contract tasks are distributed across independent kernels (execution shards), enabling modular scaling and cross-chain efficiency. Each kernel can be executed permissionlessly, allowing developers to compose complex workflows without central coordination.

Executor–Attestor Mechanism

Every workflow is decomposed into containerized steps executed within discrete gVisor sandboxes.

• The Executor runs each step according to the encoded workflow logic, performing external data calls, computations, or on-chain interactions.

• The Attestor independently verifies the execution by reproducing or validating results within its own sandbox, signing an attestation once the output is confirmed.

This dual-layer verification model replaces traditional resolver-based integrations, ensuring all off-chain and cross-chain computations have cryptographic audit trails that are independently reproducible and tamper-evident.

The Compute Engine thus establishes a scalable, verifiable, and trust-minimized foundation for hybrid applications that bridge Web2, Web3, and AI systems.

Proof of Provenance (PoP)

Proof of Provenance (PoP) ensures that every workflow executed through KRNL has been securely run, observed, and verified before any transaction is finalized on-chain.

This integrity is achieved through the Executor–Attestor separation model, where open-source Executors perform the computation within discrete gVisor sandboxes, and closed-source Attestors, controlled by developers, independently verify each execution step.

The Attestor continuously monitors the sandbox environment, observes all network traffic, and cryptographically attests to the correctness of the computation. By separating execution from attestation, KRNL prevents rogue or compromised executors from manipulating results—every step must be cryptographically validated before its proof can be accepted.

Each attestation is signed using ephemeral keys derived from securely managed master secrets and the unique execution context. This ensures that:

• Keys are one-time-use and context-bound, preventing replay or forgery.

• Secrets are protected at compile time and never persist beyond execution.

• Every attestation is verifiable and linked to its specific workflow run.

The resulting composite proof combines execution context hashes, signatures, and network attestation data—creating an immutable, verifiable record of computation that can be validated on or off-chain.

PoP thus guarantees end-to-end provenance, ensuring all workflow results are both cryptographically sound and operationally transparent.