Building the future of trustless finance with zkTLS
- Alexandra Mirzuitova
- Mar 30
From theory to practice
In Part 1 of the zkTLS series, we explored how zkTLS enables verifiable, privacy-preserving financial proofs for Web3, bridging Web2 financial data with on-chain smart contracts. Today, we’ll dissect its real-world implementation—starting with verifiable bank transfers and trustless data feeds—powered by Diffuse’s open-source stack.
And this isn’t just theory: our GitHub template repo demonstrates how SGX enclaves and ZK proofs turn HTTPS into a Web3 data pipeline, combining:
- TLS security (Web2's gold standard)
- Zero-knowledge proofs (Web3's trust engine)
- TEE hardware (Intel SGX for tamper-proof execution)
What's under the hood
We've published our zkTLS enclave on GitHub. Here's what’s inside:
- Secure execution (inside SGX enclave): all security-sensitive operations like TLS handshakes, key management, and proof generation occur inside the enclave, ensuring confidentiality and integrity.
- Untrusted operations (ocalls): network communication (TCP connections) and file I/O are handled outside the enclave using ocalls.
The enclave acts as a black box: even if ocalls are intercepted, sensitive data (keys, raw responses) never leaves SGX-protected memory. Proofs generated by the enclave can be verified on-chain via Automata's attestation.
Running zkTLS-enclave locally
If you have a machine with SGX support, you can clone, build, and run the enclave with a built-in query example: secure price fetching from Binance. If you don't have one, you can disable the SGX-specific features and run the enclave as an ordinary Rust application, though in that mode you can only send requests, not generate the proof. See the more detailed instructions in our repo's README.
Use cases in action
Trustless data feeds
zkTLS allows Web2 price data—such as ETH/USD rates, commodity prices, and stock values—to be used as verifiable feeds in DeFi applications. Unlike traditional oracles that rely on third-party aggregation, zkTLS enables direct verification from centralized exchanges.
zkServerless extends this capability to risk management, where risk parameters are updated through zkTLS-based oracles. This ensures that assets used as collateral in DeFi protocols are assessed with structured and reliable data from external sources.
For example, if you're looking to retrieve a trustless Binance ETH/USD rate, you can use Diffuse data feeds; take a look at the docs to learn more and see where we're deployed. Or you can use our zktls-enclave repo and build your own data feeds from scratch.
In either case, the result is manipulation-resistant data oracles, CEX-direct feeds, and significantly cheaper verification due to batch proofs.
Verifiable bank transfers & DeFi collateral
zkTLS enables verifiable proof of financial transactions and balances, making it applicable to both traditional finance and DeFi. In Web2, this can be used to confirm bank payments for regulatory or business purposes—proof of payments for compliance, payroll, and escrow.
For DeFi, zkTLS also facilitates collateral abstraction, where external financial holdings can be verified for loan eligibility. zkServerless integrates zkTLS-based price oracles to pull verified asset values directly from centralized exchanges.
Example: how do you prove a bank balance without exposing transaction history? Via zkTLS:
- Enclave fetches encrypted bank/account data via TLS
- Generates ZK-proof of balance ≥ $X
- Proof can be submitted to DeFi protocols (e.g., Teller protocol).
This opens the road to under-collateralized loans without KYC, auditing Web2 payrolls without raw bank logs (GDPR-compliant), and much more.
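The release step of the balance flow above, sketched in Python as an added example (not Diffuse's code and not taken from the zktls-enclave repo): the function standing in for the enclave sees the raw response and emits only the predicate result. It assumes a JSON body with a `balance_usd` field and uses an HMAC under a process-local key as a labelled stand-in for the ZK proof and SGX attestation; all names and the sample data are hypothetical.

```python
import hashlib, hmac, json, os
from decimal import Decimal

# Assumption: stands in for a key that exists only inside the enclave.
_ENCLAVE_KEY = os.urandom(32)

# Constructed sample of the decrypted HTTPS response body the enclave would see.
SAMPLE_RESPONSE = json.dumps({
    "account": "DE00-CONSTRUCTED-0001",
    "balance_usd": "18250.40",
    "transactions": [{"to": "Landlord GmbH", "amount_usd": "1200.00"}],
})

def _tag(public: dict) -> str:
    # HMAC stand-in for the proof/attestation; a real verifier would not hold this key.
    msg = json.dumps(public, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(_ENCLAVE_KEY, msg, hashlib.sha256).hexdigest()

def enclave_attest_balance(response_body: str, host: str,
                           threshold_usd: int, nonce: str) -> dict:
    """'Inside' the enclave: reads the raw body, releases only the predicate result."""
    balance = Decimal(json.loads(response_body)["balance_usd"])
    salt = os.urandom(16)  # stays inside; stops guessing the body from the commitment
    public = {
        "host": host,                                   # where the data came from
        "predicate": f"balance_usd >= {threshold_usd}", # what was checked
        "result": balance >= threshold_usd,             # the only fact disclosed
        "nonce": nonce,                                 # verifier-chosen, blocks replay
        "response_commitment": hashlib.sha256(salt + response_body.encode()).hexdigest(),
    }
    return {"public": public, "tag": _tag(public)}

def verify_claim(claim: dict, expected_host: str,
                 threshold_usd: int, nonce: str) -> bool:
    """Verifier side: authenticate the claim, then check it is the one requested."""
    p = claim["public"]
    return (hmac.compare_digest(claim["tag"], _tag(p))
            and p["host"] == expected_host
            and p["predicate"] == f"balance_usd >= {threshold_usd}"
            and p["nonce"] == nonce
            and p["result"] is True)
```

The verifier rebuilds the expected host, predicate and nonce from its own request instead of trusting the fields in the claim, so a valid claim for a lower threshold or an older request is rejected.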
Tokenization of RWAs
zkTLS enables the tokenization of real-world assets by verifying Web2 ownership records (e.g., real estate registries) and making them usable on-chain. This facilitates new financial models, such as fractional ownership of properties, where rental income can be automatically distributed through smart contracts.
zkTLS-powered data feeds ensure accurate on-chain valuations of tokenized assets. This is particularly relevant for gold-backed tokens, where real-time pricing from traditional financial markets needs to be continuously updated.
A flow for tokenizing a warehouse without middlemen might look like this:
- The enclave scrapes an HTTPS land registry
- Generates ZK proof of ownership (with no raw data exposed)
- Mints NFT representing ownership
What’s next?
We’re currently building Collateral Abstraction for Symbiotic, but the potential of zkTLS extends beyond price feeds and collateral verification.
Future zkTLS integrations could include:
- Cross-chain interoperability (e.g., Ethereum & Cosmos)
- Web2-Web3 interoperability
- DeFi identity verification (e.g., proof of income for loans)
- Next-gen DeFi risk management via automated zkTLS-based data feeds
- zkTLS email verification
Follow us on X to stay updated on the latest developments: @DiffuseFi