What is Nautilus?

Nautilus is a verifiable offchain compute layer on Sui. It enables builders to delegate sensitive or resource-intensive tasks to a self-managed trusted execution environment (TEE) or a TEE marketplace like Marlin Oyster while preserving trust onchain through smart contract-based verification.

Nautilus supports hybrid decentralized applications that require private data handling, complex computations, or integration with external (Web2) systems. The framework ensures computations are tamper-resistant, isolated, and cryptographically verifiable.

It currently supports self-managed AWS Nitro Enclave TEEs and Dockerized deployments through Marlin. You can verify AWS-signed enclave attestations onchain using Sui smart contracts written in Move. Refer to the GitHub repo for the reproducible build template.

Features

Important: Nautilus is not just about running code in a privacy-preserving manner in a TEE. Part of the overall value proposition is onchain verification of computation integrity:

  1. PCRs (enclave measurements) must be registered and verified onchain
  2. Every computation result can optionally be verified onchain

A Nautilus application consists of two components:

  • Offchain server: Runs inside a TEE and handles computations like user input processing or scheduled tasks.

  • Onchain smart contract: Written in Move, verifies TEE attestations before executing transactions.

How it works

  • Deploy the offchain server to a self-managed TEE, such as AWS Nitro Enclaves, or use Marlin Oyster to deploy Dockerized Nautilus apps.
Danger: The provided reproducible build template is intended as a starting point for building your own enclave. It is not feature complete, has not undergone a security audit, and is offered as a modification-friendly reference licensed under the Apache 2.0 license.

The template and its related documentation are provided as is without warranty of any kind for evaluation purposes only.

You can adapt and extend it to fit your specific use case.

  • The TEE generates a cryptographic attestation that proves the integrity of the execution environment.

  • Sui smart contracts verify the attestation onchain before accepting the TEE output.

  • The integrity of the TEE is auditable and anchored by the provider's root of trust.

Refer to Nautilus design and using Nautilus for details.
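
The two checks described above (an attestation matched against registered PCRs, then results accepted only from an attested enclave) can be modeled offchain as follows. This Go sketch is an added example, not Nautilus or Sui code: the struct layout, the enclave key carried inside the attestation, the Ed25519 root key standing in for the provider's attestation signature, and all sample values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Attestation is a simplified stand-in for a TEE attestation document.
type Attestation struct {
	PCRs       [3]string         // PCR0..PCR2 as fixed-length hex strings
	EnclaveKey ed25519.PublicKey // assumption: key generated inside the enclave
	Sig        []byte            // root-of-trust signature over PCRs and key
}

// Verifier models the state a verifying contract would keep.
type Verifier struct {
	Root     ed25519.PublicKey // provider's root of trust
	Expected [3]string         // registered PCRs of the audited build
	Enclaves map[string]bool   // enclave keys that passed attestation
}

func signedBytes(p [3]string, k ed25519.PublicKey) []byte {
	return append([]byte(p[0]+p[1]+p[2]), k...)
}
// Register accepts an enclave key only if the root signed it with the registered PCRs.
func (v *Verifier) Register(a Attestation) bool {
	if a.PCRs != v.Expected || !ed25519.Verify(v.Root, signedBytes(a.PCRs, a.EnclaveKey), a.Sig) {
		return false
	}
	v.Enclaves[string(a.EnclaveKey)] = true
	return true
}
// Accept takes a result only if a registered enclave key signed it.
func (v *Verifier) Accept(key ed25519.PublicKey, result, sig []byte) bool {
	return v.Enclaves[string(key)] && ed25519.Verify(key, result, sig)
}

// Demo runs constructed inputs through both checks.
func Demo() (good, modified, tampered bool) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	encPub, encPriv, _ := ed25519.GenerateKey(nil)
	pcrs, bad := [3]string{"aa11", "bb22", "cc33"}, [3]string{"ff00", "bb22", "cc33"}
	v := &Verifier{Root: rootPub, Expected: pcrs, Enclaves: map[string]bool{}}
	result := []byte("price=42") // constructed enclave output
	sig := ed25519.Sign(encPriv, result)
	modified = v.Register(Attestation{bad, encPub, ed25519.Sign(rootPriv, signedBytes(bad, encPub))}) // PCR0 differs
	good = v.Register(Attestation{pcrs, encPub, ed25519.Sign(rootPriv, signedBytes(pcrs, encPub))}) && v.Accept(encPub, result, sig)
	tampered = v.Accept(encPub, []byte("price=99"), sig) // payload altered after signing
	return
}
func main() { fmt.Println(Demo()) }
```

A validly signed attestation is still rejected when its PCRs differ from the registered ones, which is why both the signature and the measurements have to be checked before an enclave key is trusted.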

Use cases

Nautilus supports several Web3 use cases for trustworthy and verifiable offchain computation. Some examples include:

  • Trusted oracles: Process offchain data from Web2 services (weather, sports, financial data) or decentralized storage platforms like Walrus in a tamper-resistant way.

  • AI agents: Nautilus is ideal for securely running AI models for inference or executing agentic workflows to produce actionable outcomes, while providing data and model provenance onchain.

  • DePIN solutions: DePIN (Decentralized Physical Infrastructure) can leverage Nautilus for private data computation in IoT and supply chain networks.

  • Fraud prevention in multi-party systems: Decentralized exchanges (DEXs) could use Nautilus for order matching and settlement, or layer 2 solutions could prevent collusion and fraud by securely running computations between untrusted parties.

  • Identity management: Nautilus can provide solutions in the identity management space that require onchain verifiability for decentralized governance and proof of tamper resistance.

Seal

When used together, Nautilus and Seal enable powerful privacy-preserving use cases by combining secure and verifiable computation with secure key access. A common challenge with TEEs is persisting secret keys across restarts and different machines. Seal can address this by securely storing long-term keys and granting access only to properly attested TEEs. In this model, Nautilus handles computation over the encrypted data, while Seal controls key access. Applications that require a shared encrypted state can use both tools to privately process user requests and update encrypted data on public networks.