Proof verification, CETs creation, DLC signature computations and transaction signing are secured and processed on Intel SGX, which provides a Trusted Execution Environment (TEE) within a private enclave.

Intel Software Guard Extensions (SGX) is a code set that allows a system to operate in "enclaves", which are private regions of memory where contents are encrypted and unreadable outside of any process or entity outside of the enclave itself.

Data and code originating in the enclave are decrypted on the fly within the CPU, protecting them from being examined or read by other code, including code running at higher privilege levels such as the operating system and any underlying hypervisors.

OmniRelayers are required to perform remote attestation to establish that their enclaves are running the correct code which has not been tampered with to ensure the integrity of proof generation, proof verification and contract signing.

Private keys are generated and stored within the SGX, which are not accessible to operators.