Go back Blog Home

Onchain Trust for Offchain Workflows

Onchain Trust for Offchain Workflows
David Chen

David Chen

4 min read
Share this article:

Syndicate has built SyndDB, an open source SQLite replication system for blockchain applications. SyndDB lets developers continue using familiar database infrastructure while connecting application activity to onchain verification and settlement. For businesses, that creates a more practical path to blockchain infrastructure: existing software patterns can connect to onchain systems without forcing every workflow into a smart contract.

That distinction matters for financial institutions. Most real-world financial systems are not designed to put every operation onchain, nor should they be. A payments company may need fraud checks, sanctions screening, and routing logic to run quickly before settlement. A broker-dealer may need trade matching or allocation logic to run privately before results are recorded. A tokenized fund platform may need eligibility checks, transfer restrictions, or NAV updates before assets move. In each case, the internal workflow can remain offchain, while the critical control points become verifiable.

Syndicate’s architecture uses Trusted Execution Environments, or TEEs, to run application infrastructure in a protected environment. The business problem is not just speed. Before software is allowed to affect settlement, there needs to be proof that it ran in the right environment, with the right code, under the right security conditions. With Stylus, Syndicate moved that proof step onchain.

The problem with offchain trust

For SyndDB, TEE verification is part of how the system decides which infrastructure can participate. When a sequencer or validator starts, restarts, scales, or rotates keys, it needs to register a signing key onchain. That key should not be trusted simply because an operator says it belongs to an approved service. The system needs to verify that the service is running in the approved TEE environment before it can participate.

For an enterprise, this is the difference between relying on an operational claim and enforcing participation rules in software. A similar pattern applies in finance: a bank should not rely only on a message saying that a collateral check was completed, a payments provider should not rely only on an assertion that compliance screening occurred, and a market operator should not rely only on a backend process claiming that approved rules were followed. The control point needs to be verifiable.

Syndicate first explored zkVMs for this process. That approach worked, but it required a separate proving pipeline with additional infrastructure and coordination. For institutions, every added service means more review work, more monitoring, and more operational risk..

The cost and latency were also material. Syndicate’s draft estimates proof generation at 30 seconds to 3 minutes, with per-proof costs of about $0.018 using self-hosted RISC Zero GPU proving and about $0.13 using SP1 Network Prover. For infrastructure that needs fast recovery, elastic scaling, and reliable key rotation, those delays are more than a technical inconvenience. They can affect system readiness, operating cost, and resilience.

How Stylus changed the architecture

Syndicate used Stylus to replace the offchain proving pipeline with a Rust smart contract compiled to WASM. When a TEE service starts, it receives an attestation from Google Cloud Confidential Space showing that it is running with the expected code and security configuration. The Stylus contract verifies that attestation directly onchain, which allows the service to register its signing key in a single transaction.

The important point is not that Syndicate rebuilt SyndDB as an onchain system. High-performance application activity still runs offchain, where it can meet practical latency and throughput requirements. Stylus is used at the point where shared trust is required: verifying that infrastructure is authorized before it can participate in settlement.

That pattern maps closely to finance. Collateral checks, compliance screening, fund updates, and market operations often need to run offchain. Stylus gives teams a way to make the trust boundary verifiable before results affect settlement.

What changed for Syndicate

The Stylus implementation reduced Syndicate’s attestation architecture from four services to three by removing the proof service. It also removed prover network dependencies, GPU infrastructure, zkVM build coordination, and per-proof costs from the attestation path. For a business evaluating production infrastructure, fewer moving parts can mean simpler operations, easier vendor review, and a smaller surface area to monitor.

The performance improvement was direct. Syndicate’s comparison states that verification moved from 30 seconds to 3 minutes under the zkVM approach to less than one second with Stylus. Node bootup delay moved from minutes to seconds. For systems that need to recover during restarts, scaling, or key rotation, faster verification can reduce downtime risk.

Stylus also allowed Syndicate to keep the architecture focused. The team did not rebuild the entire protocol around a new execution environment or move performance-sensitive workloads onchain. Instead, it identified the part of the stack where standard EVM execution created avoidable complexity, then used Stylus for that component. That is the enterprise-relevant lesson: blockchain adoption does not have to mean rewriting the whole system.

Why this matters for businesses and institutions

Syndicate’s use of Stylus shows how Arbitrum can support systems that combine offchain performance with onchain trust. That is a practical requirement for the programmable economy, where markets, transactions, and business processes run in software, and where businesses need defined rules for execution and settlement.

For institutions, the likely path is not to move every workflow fully onchain. Many will keep sensitive, high-throughput, or existing systems offchain, then use onchain verification and settlement where shared trust is required. Syndicate applies that model to infrastructure participation: a sequencer or validator can participate only after its TEE attestation is verified onchain. What would otherwise be a trust assumption becomes a programmable rule.

This is where the Arbitrum Platform becomes relevant beyond standard smart contract deployment. It supports businesses building applications, tokenized systems, and dedicated blockchain environments that need configurable execution, defined operating rules, and credible settlement. Stylus extends that platform by letting teams bring more complex verification logic onchain without adding unnecessary infrastructure around it.

SyndDB is open source and available for teams exploring similar architectures. Contact the Arbitrum team to discuss how Stylus can bring complex verification logic onchain while keeping performance-sensitive systems where they work best.

Offchain Labs has financial interests in Syndicate through investment and/or other commercial arrangements. The information provided is for informational purposes only and does not constitute financial, legal, investment, or any other form of advice. Please conduct your own independent research and consult with a qualified professional before making any decisions. This content does not constitute an endorsement or sponsorship of any product, service, project, or entity mentioned.

Read more