Secure Web3 Data Sharing with TEE, Marlin, and IPFS

As Web3 evolves, the demand for confidential computing and decentralized data storage has grown. Whether it’s protecting user data, safeguarding AI prompts, or securing enterprise-sensitive computations, developers need tools that offer both privacy and verifiability.

In this guide, we explore a hands-on project built in Python that showcases secure data handling using three critical components:

• Trusted Execution Environments (TEE) for secure compute
  
  
• Marlin Attestation for proof of computation integrity
  
  
• IPFS for decentralized, verifiable storage
  
  

The result: a fully auditable, secure data flow that combines the strength of Web3 storage with trusted hardware guarantees. if you prefer video format, watch the YouTube recording of the live workshop.

Why Trust Matters in Web3 Compute

Decentralization has solved many problems, but not all. When it comes to handling sensitive data or executing confidential code, decentralized networks alone fall short. Users must trust that the computation was done correctly and privately. This is where TEEs and attestation play a crucial role.

What is a TEE?

A Trusted Execution Environment (TEE) is a secure area within a device’s processor that ensures both confidentiality and integrity of code and data. Even privileged software like operating systems and hypervisors cannot access what’s happening inside the enclave.

What is Marlin?

Marlin provides lightweight remote attestation services. It can prove that a given computation was executed in a TEE without being tampered with. Marlin is integrated with the Alith SDK, offering an easy interface for:

• TEE key management
  
  
• Attestation proof (quote) generation
  
  
• Secure integration with dApps
  
  

Combined with IPFS, this stack allows you to publicly share and verify sensitive data with full cryptographic assurance.

Project Overview

This Python-based demo illustrates how to:

1. Load and encrypt sensitive data
   
   
2. Generate an attestation proof via Marlin
   
   
3. Upload both data and proof to IPFS
   
   
4. Publicly verify the data and computation integrity
   
   

Project Structure

File

Purpose

app.py

Main script to attest and store data

Quickstart Guide

Prerequisites

• Python 3.8+
  
  
• IPFS daemon running locally (go-ipfs)
  
  
• Marlin attestation server (simulator or production node)
  
  
• Internet access to test via IPFS gateways
  
  

Setup Instructions

Clone the project and install dependencies:

git clone https://github.com/metis-edu/Tee_Marlin_IPFS.git

cd Tee_Marlin_IPFS

python3 -m venv venv

source venv/bin/activate

pip install alith requests

Launching Marlin (Simulator)

Run the attestation service locally:

docker run --init -p 127.0.0.1:1350:1350 marlinorg/attestation-server-custom-mock

Alternatively, build from source:

git clone https://github.com/marlinprotocol/oyster-monorepo

cd oyster-monorepo/attestation/server-custom-mock

cargo run -r

Running the Demo

Run the main script:

python3 app.py

Sample Output

Secure data stored on IPFS: bafybeie...xyz

TEE proved it, IPFS stored it, anyone can verify it

View it at: https://ipfs.io/ipfs/<CID>

The script:

• Loads a sensitive message from a file
  
  
• Sends it to a simulated Marlin TEE for attestation
  
  
• Uploads both the message and attestation proof to IPFS
  
  
• Returns the IPFS CID (Content Identifier)
  
  

Architecture Overview

Each step ensures that the data:

• Was processed securely
  
  
• Is provably tamper-free
  
  
• Can be verified by anyone without requiring trust in the data provider
  
  

Example Output

IPFS Payload

{

  "data": "Secret: Alice pays Bob $100",

  "proof": "8444a1013822a0590782a969d6f64756c655f69647827692d"

}

Visual Snapshots

• IPFS Upload Success
  
  

• Attested Data Format
  
  

Benefits of This Stack

• Confidentiality: TEEs ensure data cannot be snooped or altered.
  
  
• Integrity: Marlin proves the computation was legitimate and untampered.
  
  
• Decentralization: IPFS ensures no centralized storage dependency.
  
  
• Transparency: Verifiable proofs allow trustless sharing and auditing.
  
  

Future Use Cases

• Onchain AI inferencing with secure pre-processing
  
  
• Privacy-preserving medical or financial data workflows
  
  
• DAO-governed confidential task offloading
  
  
• Public verification of private computations in ZK systems
  
  

Resources & Repositories

• Alith SDK 
• Marlin Protocol
  
• IPFS Documentation
  
• Phala Network
  
• Project GitHub
  
  

Conclusion

Combining TEEs with attestation and decentralized storage gives developers a powerful toolkit for building privacy-first Web3 applications. Whether you’re processing confidential transactions, AI queries, or personal data, this approach ensures security, transparency, and trust.

‍