// veil.protocol — v0.1 — public good

Veil runs inside a Trusted Execution Environment. No logs. No accounts. No subscriptions. Just attestation you can verify on-chain — and pay-per-megabyte routing that vanishes when you close the tab.

> tee_quote: verified ✓ relay_count: 14 avg_latency: 38ms
00 logs stored0.13 USDC / 10MB100% on-chain verifiable
// feature 01 — trusted execution

No logs. Mathematically.

Every Veil exit node runs the WireGuard kernel inside a Trusted Execution Environment (Intel TDX / AMD SEV-SNP / Oasis ROFL). Before you connect, your client pulls a remote attestation quote and verifies it on-chain. The quote proves the exact binary running inside the enclave — and that binary, by construction, never writes a packet log to disk.

You don't have to trust us. You don't have to trust the operator. You verify the hash. The hardware does the rest.

veil-cli — verify
$ veil verify --node fra-01.veil.eth
[✓] fetching tdx quote from enclave...
[✓] mrenclave: 0x9f4a...c2e1
[✓] expected: 0x9f4a...c2e1
[✓] signature valid (intel root ca)
[✓] kernel module: wireguard-noop-v1.2
[✓] log_capability: DISABLED (hardware-enforced)
Attestation verified
ens — *.veil.eth
// registry contract → 0xA1B2…04Cd
vitalik.veil.ethAttested42ms
mullvad.veil.ethAttested29ms
snowden.veil.ethStale
// feature 02 — permissionless registry

Anyone can run a relay. Anyone can find one.

Veil's relay directory is an ENS registry, not a company. Spin up a node, prove your TEE attestation on-chain, and mint your subdomain — <yourhandle>.veil.eth, whatever you want. The contract checks the quote. If it's valid, you're in. If you go offline, the record reflects it. There's no admin. There's no allowlist.

// feature 03 — nanopayments

No subscription. Pay the bytes you breathe.

Veil bills per megabyte using x402 and Circle's nanopayment rails. Your client streams USDC to the relay as packets flow — fractions of a cent at a time, no gas fees, no monthly bill, no card on file. Close the tab and the meter stops. Open it tomorrow from a different wallet and you're a different user.

UNSECURED
Wallet0xef10…a2f6
Balance30.33 USDC
satoshi.veil.ethHumanUS ▾
Pay-as-you-go0.13 USDC / 10MB
SESSION: 0:04:21 USED: 47.2MB PAID: $0.0061
// trust boundaries

Verify what you can. Don't trust the rest.

You trust
  • Silicon root
    Intel/AMD attestation root certificates.
  • The contract
    Open-source, audited, verifiable bytecode.
  • Your client
    Run it locally. Read the code. Compile it.
You don't trust
  • The relay operator
    Anonymous. Unknown. Can refuse, can't peek.
  • Veil the company
    There is no company. No admin keys.
  • The network path
    Untrusted ISPs, hostile DNS, sniffed wires.
The protocol enforces
  • No logs
    Hardware-disabled inside the enclave.
  • No payment without service
    x402 streams settle by packet, not by promise.
  • No service without attestation
    Resolution fails closed. No quote, no route.
// frequently asked
A compromised relay can't decrypt your traffic — WireGuard runs inside the enclave, and the keys never leave the TEE. The worst a malicious operator can do is refuse service. You'll see attestation fail and your client will switch relays automatically.
No. Veil has no token. You pay in USDC via x402. That's it.
Each subdomain mint requires a fresh, valid TEE attestation quote signed by a hardware vendor's root CA. Sybils cost real silicon.
TEE overhead is single-digit milliseconds. The bottleneck is the relay's uplink, same as any VPN.
Because we cover, we don't watch.

Stop trusting. Start verifying.

Veil is open source, audited, and live on mainnet. No signup. No email. Just connect your wallet.