Proof-of-Physical-Work (PoPW), TEE, and contracts
Spelling: The verification primitive is Proof-of-Physical-Work (PoPW). Do not confuse it with unrelated “proven work” phrasing.
What PoPW binds
Proof-of-Physical-Work (PoPW) is the Konnex verification primitive for physical-world jobs. A PoPW record combines four elements into a coherent onchain (or onchain-anchored) artefact:
Task instruction — Agreed at issue time, signed by the operator, content-hashed and anchored onchain.
Policy execution trace — The sequence of actions the robot’s policy (or full stack) produced in response to that instruction.
Sensor bundle — Pose, frames, IMU, torque, temperature, and other channels the subnet’s verification function requires. Where enterprise assurance applies, critical telemetry is signed in hardware (TEE or secure element) before it reaches a general-purpose host OS, so validators can detect post-hoc synthesis or replay.
Independent scoring — Validators with no operational stake in the operator score safety, task match, efficiency, and coherence with the instruction and subnet rules.
Downstream users—regulators, insurers, customers, other robots—can line up a single story: this instruction, this trace, this signed evidence, these scores, with instruction hashes and commitments onchain.
Independent scoring is not enough if an attacker can spoof sensors at the source. The full design therefore assumes two additional security layers:
Hardware-rooted provenance (TEE / secure elements)
If the bits are fake, off-device verification does not help. The first line of defense is on the device: trusted execution environments and secure elements sign telemetry and media at capture time. Validators check signatures, freshness, and binding to the task so that synthetic or replayed streams fail verification.
Economic finality and asymmetric risk
Hardware roots the data; economics constrains behavior. Miners and validators are intended to post stake in KNX and, on mainnet, stablecoin assurance tranches. Slashing for proven misbehavior—collusion, fraud, or bypassing attestation—is designed so the expected cost of attack exceeds the plausible upside from faking a job.
Together, these are what make PoPW a physical verification primitive, not a renamed “best-of-N text” competition.
Why inference networks are a different game
Open decentralized networks for inference excel when the output is a token stream and quality is a statistical property. Physical work fails differently: the drone flew to the wrong structure, the arm grasped the wrong object, the mesh invented geometry. Those are safety, task-match, and provenance errors. Verification has to follow the work: sensor traces, timestamps, and binding to a signed task—not only benchmark scores on sampled outputs.
Subnets and workload classes
Each subnet encodes a commercial workload class (schema, scoring, and miner competition). See the subnets overview. Subnet app URLs are published with official testnet releases.
Robot-to-robot smart contracts and stablecoin escrows (roadmap)
Scope: Inter-robot smart contracts with native stablecoin escrow, deadlines, and penalties on mainnet are part of the long-term product surface. They are not guaranteed in the first public testnet build. For what runs today, see the roadmap and official release notes.
The intended job flow is:
Offer — Post a job with reward and deadline (stablecoin on mainnet).
Bid — Robots or fleets respond with ETA, location, and deposits.
Match — Parties lock escrow and deposits onchain.
Execute — Worker records sensor snapshots per policy.
Prove — Submit a PoPW bundle bound to the JobID.
Settle — Validators verify; release funds or apply penalties.
What counts as proof is workload-specific: delivery (path plus arrival media), process control (thermal logs and camera stills), inspection (imagery of named elements), and so on. Disputes, missed deadlines, and bad evidence trigger slashing and refunds according to the contract and validator layer.
See also
Last updated